
Major crypto exchange Coinbase has issued an urgent alert to its users following a targeted security incident, publicly detailing an extortion attempt against it and its customers in a recent official blog post.
Coinbase disclosed that cybercriminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These bad actors used cash offers to convince a small group of insiders to copy data from Coinbase's customer support tools, covering less than 1% of Coinbase's monthly transacting users.
They aimed to compile a list of customers they could contact while pretending to be Coinbase, in order to trick individuals into handing over their crypto. They then attempted to extort Coinbase for $20 million to cover this up, but the company declined.
While a small subset of customers, less than 1% of Coinbase's monthly transacting users (MTU), was affected, no passwords, private keys or funds were exposed, and Coinbase Prime accounts remain untouched. Coinbase stated it will reimburse customers who were tricked into sending funds to the attacker and is cooperating closely with law enforcement to pursue the harshest penalties possible, but it will not pay the $20 million ransom demand.
Coinbase is establishing a $20 million reward fund for information that leads to the arrest and conviction of those responsible for the attack. Impact notices have been sent to affected users, and the community will be updated as the investigation progresses.
Urgent warning issued
Coinbase warned its users that imposters or scammers, whether related to the breach or not, may pose as Coinbase employees and try to pressure them into moving their funds.
Users should be aware that Coinbase will never request passwords, 2FA codes or asset transfers to a specific or new address, account, vault or wallet. It will never phone or text consumers to provide them with a new seed phrase or wallet address to transfer coins to. If they receive a call along these lines, they should not respond; Coinbase will never request that they contact an unknown number to reach it.
Coinbase outlined a few best practices, which include enabling withdrawal allow-listing, using strong 2FA with hardware keys and exercising caution before taking action.