Coinbase Discloses Targeted Cyberattack Involving Bribed Overseas Contractors, Resulting in a Data Breach

Coinbase has disclosed a targeted cyberattack involving bribed overseas contractors, resulting in a significant data breach that impacted less than 1% of its monthly active users.

Coinbase has disclosed a major data breach that impacted less than 1% of its monthly active users. The breach was caused by a targeted cyberattack that involved a group of overseas contractors who were bribed by attackers to grant them access to internal tools.

The attackers managed to extract some customer data, including partial bank information, addresses, phone numbers, and masked Social Security digits. However, no funds, passwords, private keys, or Coinbase Prime accounts used by institutions were affected.

According to a report by Blockworks, the incident began with a group of contractors working for a company that provides services to Coinbase in a foreign country being targeted by the attackers.

The attackers, who were described as experienced in social engineering, managed to befriend the contractors online over the course of several months and eventually bribed them to grant them remote access to internal tools used by Coinbase.

Once they gained access, the attackers extracted a data dump that included names, email addresses, phone numbers, city and state of residence, last four digits of bank account numbers, and the first five digits of Social Security numbers in a masked format. The aim was to use this information to impersonate Coinbase and extract additional assets from users through phishing scams.

Coinbase said it discovered the breach and took steps to shut it down. It is now offering a reward of up to $20 million for information leading to the arrest and conviction of the attackers.

The company is also working with blockchain analytics firms to identify addresses on blockchains that are being used by the attackers, and is engaging with crypto exchanges to freeze any stolen assets and monitor the flow of funds. It has also notified relevant authorities in the US and other countries about the breach and is cooperating with their investigations.

Coinbase is taking several steps to prevent future attacks and mitigate the risks arising from this incident. These steps include:

* Implementing additional ID verification procedures for all customers making withdrawals above a certain amount.

* Launching a new customer support hub in the US to reduce reliance on third-party contractors.

* Introducing new protections for users, such as real-time scam alerts and enhanced monitoring of accounts that are flagged as high risk.

It is also deploying new internal programs to detect insider threats and will be running continuous red-team testing to identify vulnerabilities in its systems.

Coinbase said it is committed to doing everything it can to help the customers who were impacted by this breach. It will be reaching out to these customers directly and will provide them with regular updates on the company's progress in remedying the situation.

The company is also prepared to take further action to protect its customers, such as applying for coverage under relevant US federal programs to help provide complete restitution to customers who may be defrauded by the attackers in follow-up scams.

This incident comes at a crucial moment for Coinbase, which is on the verge of becoming the first crypto-native company to be included in the S&P 500 index.

The inclusion, which is expected to take place on Monday, will place a strong spotlight on the exchange’s performance and operations.

With analysts estimating the total cost of the data breach to be in the range of $180 million to $400 million, the focus will likely turn to the exchange’s security infrastructure and operational resilience in handling such incidents.

Coinbase said it is currently completing a full assessment of the financial losses, legal claims, and potential recoveries arising from the breach. The company will disclose the full extent of the impact in its upcoming financial statements.