Coinbase faces $400 million bill after insider phishing attack

News broke on May 15 that Coinbase was the target of a $20 million extortion attempt after cybercriminals recruited overseas support agents to leak user data

A group of external actors bribed and colluded with several customer support contractors to gain access to internal systems and steal a limited amount of user account data, cryptocurrency exchange Coinbase said on May 15.

The insiders abused their access to customer support systems to steal the account data for a small subset of customers, and the attackers then attempted to extort $20 million worth of Bitcoin (BTC) from Coinbase in exchange for not disclosing the breach. No passwords, private keys, funds or Coinbase Prime accounts were affected.

Less than 1% of Coinbase’s monthly transacting users’ data was affected, the company said.

Coinbase will fully compensate any customers whose data was leaked and used in phishing scams, and the company is also offering a $20 million reward for information leading to the arrest and conviction of those responsible for the scheme.

The statement comes after reports that a group of cybercriminals based in Southeast Asia had been recruiting local support agents to help them leak user data and carry out social engineering scams.

The hackers targeted Coinbase’s support agents in the Philippines with fake job offers at a new cryptocurrency firm called “DeltaChain.”

After gaining the trust of the support agents, the hackers reportedly offered them large sums of money to help steal user data and carry out phishing scams.

The hackers are said to have threatened the support agents with violence if they refused to cooperate.

Coinbase did not immediately respond to TechCrunch’s request for comment.

The news comes amid a broader crackdown on cybercrime by U.S. authorities.

Earlier this year, the Federal Bureau of Investigation (FBI) announced that it had shut down a botnet that was used to steal more than $1 billion from bank accounts.

And in April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical vulnerability in Microsoft Windows that could allow attackers to gain complete control of affected devices.output: A group of external actors bribed and colluded with several customer support contractors to gain access to internal systems and steal a limited amount of user account data, cryptocurrency exchange Coinbase said on Monday.

The company said the insiders abused their access to customer support systems to steal the account data for a small subset of customers, and the attackers then attempted to extort 200 Bitcoin (BTC), valued at around $20 million at current prices, in exchange for not disclosing the breach. No passwords, private keys, funds or Coinbase Prime accounts were affected.

Less than 1% of Coinbase’s monthly transacting users’ data was affected, the company said.

Coinbase will fully compensate any customers whose data was leaked and used in phishing scams, and the company is also offering a $20 million reward for information leading to the arrest and conviction of those responsible for the scheme.

The statement comes after reports that a group of cybercriminals based in Southeast Asia had been recruiting local support agents to help them leak user data and carry out social engineering scams.

The hackers targeted Coinbase’s support agents in the Philippines with fake job offers at a new cryptocurrency firm called “DeltaChain.”

After gaining the trust of the support agents, the hackers reportedly offered them large sums of money to help steal user data and carry out phishing scams.

The hackers are said to have threatened the support agents with violence if they refused to cooperate.

Coinbase did not immediately respond to TechCrunch’s request for comment.

The news comes amid a broader crackdown on cybercrime by U.S. authorities. Earlier this year, the Federal Bureau of Investigation (FBI) announced that it had shut down a botnet that was used to steal more than $1 billion from bank accounts.

And in April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of a critical vulnerability in Microsoft Windows that could allow attackers to gain complete control of affected devices.