San Francisco, ca – Coinbase, the largest cryptocurrency exchange in the US.
In a statement on Thursday, Coinbase confirmed that a group of customer service agents abroad were bribed by cybercriminals who used stolen information to launch specific cryptography scams. The compromised data include names, birth dates and parts of customer social security numbers, confidential details that the scammers used to impersonate coinbase employees and deceive users to deliver their funds.
“These attackers are not violating our systems through the code, they are exploiting trust,” CEO Brian Armstrong said in a publication on social networks. “They are using social engineering tactics to deceive real people to deliver real money.”
The company refuses to pay, offers generosity in its place
Instead of yielding to the demands of computer pirates, Armstrong said Coinbase will not pay the rescue, and instead is offering a $ 20 million reward to anyone who can help identify and take the attackers before justice.
“We will not be extorted” said. “If you have information that leads to your arrest, we will pay you.”
Coinbase received the rescue demand last Sunday, with attackers threatening to release stolen data unless they are paid in Bitcoin.
How the violation happened
Coinbase revealed in a presentation before the Bag and Securities Commission (SEC) that had previously discovered “a small number” of its customer service agents that access the data that were not authorized to see. Those employees have been completed, and the company said it is reinforcing internal controls.
Although it is not clear how many users were affected, the company expects to spend between $ 180 million and $ 400 million About response efforts, including Customer refunds and fraud prevention updates.
The company has pledged to cover the losses for any client affected by the scam.
??? URGENT: Coinbase breach: bribery internal support agents, personal data filtered for <1% of users, the company promises a complete refund pic.twitter.com/dmlecnaijf– Juan Cienfuegos | Bitcorner (@thejuansc) May 15, 2025
Why this violation is a attention call
This incident is a marked reminder that even the safer platforms can be compromised, not only through the code, but through people. Coinbase was not the victim of a cyber attack; It was betrayed by some experts who renounced customer data for money.
What is especially worrying is that stolen data were not only user names or emails: it included partial social security numbers and sufficient personal information to launch convincing scams. For users, that means that the risk does not stop in this violation. Telephone calls, phishing attempts and impersonation schemes can follow for months.
It also raises larger questions about how cryptographic companies manage remote equipment and support operations abroad. If a handful of employees can filter confidential data, what other vulnerabilities are inadvertent?
The fact that Coinbase refuses to pay the rescue, and instead offers the same amount as a reward, sends a message to cybercriminals. But if that approach discourages future attacks or simply increases the conflict remains to be seen.
Also read: It arises in the theft of cryptocurrencies through piracy in the first half of 2024
(Tagstotranslate) Coinbase Data Infringe 2025 (T) Coinbase rescue demand $ 20 million
Source link