Coinbase has terminated a group of customer support agents based in India following their alleged involvement in a social engineering attack that compromised user data. According to Chief Security Officer Philip Martin, these contractors were bribed by cybercriminals to grant unauthorized access to sensitive customer information, including names, birthdates, partial Social Security numbers, and transaction histories.
The breach, which affected less than 1% of Coinbase’s user base, led to a $20 million ransom demand from the attackers, who threatened to release the stolen data publicly. Coinbase refused to pay the ransom and instead offered a $20 million reward for information leading to the arrest and conviction of the perpetrators.
Phishing Scams Target Users
The compromised data was used in sophisticated phishing attacks. Qiao Wang, a core contributor to Alliance DAO, reported that a scammer, posing as a Coinbase representative, contacted him claiming his account was compromised. The scammer, having access to Wang’s personal information, attempted to convince him to transfer his funds to a fraudulent “Coinbase self-custodial wallet.” Wang recounted that the scammer claimed to have made $7 million that day through such schemes.
Coinbase estimates that the breach could cost the company between $180 million and $400 million in remediation and customer reimbursements. In response, the company has implemented additional security measures, including enhanced identity verification for large withdrawals and increased monitoring of high-risk transactions. Furthermore, Coinbase is establishing a new support hub in the U.S. to strengthen its customer service operations.
Ongoing SEC Investigation
Amid the data breach fallout, Coinbase is also under investigation by the U.S. Securities and Exchange Commission (SEC) for allegedly overstating its user numbers in past filings. The probe focuses on the company’s previous reporting of “verified users,” a metric that included individuals who had only verified their email or phone number. Coinbase has since discontinued this metric, shifting to reporting “monthly transacting users.” Chief Legal Officer Paul Grewal described the investigation as a “holdover” from the prior administration and expressed the company’s belief that it should not continue.
Market Reaction
Following the disclosure of the data breach and the SEC investigation, Coinbase’s stock experienced a 7% decline, closing at $244. Despite these challenges, the company is set to be included in the S&P 500 index on May 19, reflecting its significant role in the cryptocurrency industry.
Coinbase continues to work with law enforcement agencies to investigate the breach and has urged anyone with information about the attackers to contact them at [email protected] with “[BOUNTY]” in the subject line.
