Coinbase says ‘rogue’ support agents helped steal customer data

Coinbase says cyber criminals “bribed and recruited” assist staff to assist steal buyer knowledge and trick victims into sending cash to attackers. Because of the assault, unhealthy actors obtained the names, addresses, cellphone numbers, authorities IDs photos, account knowledge, and partial social safety numbers of a “small subset of customers,” according to a blog post on Thursday.

In a submitting with the Securities and Exchange Commission, the crypto change stated it acquired an electronic mail on Could eleventh from a menace actor who claimed they’d details about sure Coinbase accounts. The unhealthy actor demanded $20 million in change for not publicly exposing the data, however Coinbase refused to pay.

Coinbase is working with regulation enforcement to research the incident. It additionally “instantly terminated the personnel concerned.” The corporate “will press felony fees.”

The crypto change notes that the attackers didn’t get login credentials, 2FA codes, or non-public keys, and weren’t in a position to entry any Coinbase accounts or wallets. Coinbase says it may spend $180 million to $400 million repaying impacted prospects. It’s additionally providing a $20 million reward to anybody who offers data resulting in an arrest.

“Scammers — associated to this incident or not — could pose as Coinbase workers and attempt to stress you into shifting your funds,” the corporate says in its weblog put up. “Keep in mind, Coinbase won’t ever ask to your password, 2FA codes, or so that you can switch property to a selected or new deal with, account, vault or pockets.”