Criminals Bribed Outsourced Contractors to Steal Coinbase User Data

Cryptocurrency exchange Coinbase has stated that an internal data breach affecting nearly 70,000 users involved bribed contractors from India.

The initial report from Coinbase said the data breach could be attributed to the misconduct of a small group of external contractors; however, it turned out to be a more complex problem.

The crypto exchange confirmed that a coordinated bribery scheme had been directed at its overseas customer support team, leading to the leak of personal and financial data. The company said it reported the breach to police and launched a $20 million reward fund to get information on the attackers.

What happened?

In a detailed statement, Coinbase revealed that a group of cybercriminals infiltrated its outsourced customer support operation in India by offering bribes to support agents.

The compromised staff allegedly accessed internal systems and exfiltrated personal data belonging to 69,461 customers. The data included:

• Full names, addresses, phone numbers, and email addresses
• Masked Social Security numbers and partial bank details
• Images of government-issued IDs, such as passports and driver's licenses
• Account details, including balances and transaction history
• Limited internal corporate records

Login credentials, two-factor authentication codes, and private wallet keys were not affected, according to Coinbase. The company said customer funds and wallet systems remained secure.

$20 million ransom demand

Attackers allegedly contacted Coinbase by email, demanding $20 million in exchange for keeping the stolen data private. The company rejected the demand and instead offered a $20 million bounty for information that leads to arrests.

Affected customers have been notified, and the company says it will reimburse any users who suffered financial loss due to scams connected to the breach.

The breach is expected to cost Coinbase between $180 million and $400 million, mainly in customer reimbursements and operational fixes.

Risks of social engineering

While no passwords or keys were stolen, it's safe to say that the leaked data could be used in phishing or impersonation scams, especially since Coinbase refused to pay, and criminals will likely try to sell the info on the darknet.

The crypto exchange has urged customers to remain vigilant and report any suspicious messages claiming to come from the company.