Coinbase已確認網絡犯罪分子偷走了敏感的客戶數據

在一個重大的網絡安全事件中，Coinbase證實，網絡犯罪分子在一群賄賂的流氓海外支持代理商的幫助下，偷走了敏感的客戶數據

Coinbase has fallen victim to a significant cybersecurity incident, in which a group of cybercriminals, aided by a group of bribed rogue overseas support agents, stole sensitive customer data in an attempt to extort the company for $20 million.

Coinbase已成為一項重大網絡安全事件的受害者，其中一群網絡犯罪分子在一群賄賂的流氓海外支持代理商的協助下，偷走了敏感的客戶數據，以期將公司勒索以2000萬美元的價格勒索公司。

The incident unfolded when the attackers contacted Coinbase via email on May 11, 2025, demanding a $20 million ransom in exchange for the stolen data. However, the largest U.S.-based cryptocurrency exchange refused to pay the ransom and instead opted to establish a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for the attack.

當攻擊者於2025年5月11日通過電子郵件與Coinbase聯繫時，事件發生了，要求耗資2000萬美元的贖金以換取被盜數據。但是，美國最大的加密貨幣交易所拒絕支付贖金，而是選擇建立一個耗資2000萬美元的獎勵基金，以導致逮捕和定罪負責襲擊的罪犯。

According to Coinbase’s official blog post dated May 15, 2025, the breach occurred when a small group of rogue customer support contractors, based overseas, were recruited by cybercriminals through cash bribes to exfiltrate data for less than 1% of Coinbase’s monthly transacting users.

根據Coinbase的官方博客帖子，日期為2025年5月15日，違反行為發生在網絡犯罪分子通過現金賄賂以不到1％的Coinbase月份每月交易用戶的不到1％的方式來刪除數據時，違反了海外的一小部分流氓客戶支持承包商。

Their goal was to compile a list of customers they could target by impersonating Coinbase, to deceive users into giving up their cryptocurrency. Subsequently, they attempted to blackmail Coinbase, demanding $20 million to keep the breach hidden. But Coinbase refused the offer.

他們的目標是通過假冒Coinbase來彙編他們可以針對的客戶列表，以欺騙用戶放棄加密貨幣。隨後，他們試圖勒索Coinbase，要求2000萬美元以保持違規行為。但是Coinbase拒絕了要約。

“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase wrote in a Thursday blog post.

Coinbase在周四博客中寫道：“網絡罪犯賄賂並招募了一群流氓海外支持代理商，以竊取Coinbase客戶數據，以促進社會工程攻擊。這些內部人士濫用了他們對客戶支持系統的訪問，以竊取一小部分客戶的帳戶數據。”

“No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched.”

“沒有曝光密碼，私鑰或資金，也沒有對Coinbase Prime帳戶進行觸摸。”

Coinbase has said it is taking full responsibility for protecting affected users, who will be contacted via email on May 15. Impacted customers will be reimbursed if they were fooled into transferring funds to scammers due to social engineering attacks.

Coinbase表示，將對保護受影響的用戶承擔全部責任，這些用戶將於5月15日通過電子郵件與他們聯繫。如果由於社會工程攻擊，受影響的客戶將被欺騙將資金轉移到詐騙者的情況下。

The company is also rolling out tighter withdrawal controls, as flagged accounts will now require additional identity verification for large transactions, along with new scam-awareness prompts. It is opening a new support hub in the U.S. and adding stronger security controls and monitoring across all locations.

該公司還將推出更嚴格的提款控件，因為標記的帳戶現在將需要大型交易的其他身份驗證以及新的騙局意識提示。它正在美國開放一個新的支持中心，並在所有位置增加了更強的安全控制和監視。

Additionally, to prevent future breaches, the company has increased investments in insider threat detection, security threat simulation, and automated response to identify similar security threats in its infrastructure.

此外，為了防止未來的違規行為，該公司增加了對內部威脅檢測，安全威脅模擬和自動響應的投資，以確定其基礎設施中的類似安全威脅。

Rather than pay the ransom, Coinbase is offering a $20 million bounty to anyone who can help bring the perpetrators to justice. The company is also working closely with U.S. and international law enforcement and has already fired the exchange staff involved in the breach. It will press criminal charges.

Coinbase並沒有支付贖金，而是向任何可以幫助將肇事者繩之以法的人提供了2000萬美元的賞金。該公司還與美國和國際執法部門緊密合作，並已經解雇了涉及違規的交換人員。它將按照刑事指控。

“Working with industry partners, we’ve tagged the attackers’ addresses so the authorities can track and work to recover assets,” the company added.

該公司補充說：“與行業合作夥伴合作，我們已經標記了攻擊者的地址，以便當局可以跟踪和努力追回資產。”

Coinbase is urging customers to remain vigilant, as imposters may try to exploit the situation by posing as Coinbase employees. The company will never ask for passwords or 2FA codes, or ask users to move funds or assets to a specific or new address, account, vault or wallet, or call or text users to move funds to a “safe” wallet.

Coinbase正在敦促客戶保持警惕，因為冒名頂替者可能試圖通過擔任Coinbase員工來利用這種情況。公司永遠不會要求密碼或2FA代碼，或要求用戶將資金或資產轉移到特定或新的地址，帳戶，金庫或錢包，或致電或文本用戶將資金移至“安全”錢包。

If this happens, the crypto exchange suggests users hang up on imposters, immediately lock their account in the app, and email at [email protected] to report suspicious activity.

如果發生這種情況，加密交易所建議用戶掛在冒險者身上，立即將其帳戶鎖定在應用程序中，並通過[電子郵件保護]來報告可疑活動。

To protect against any potential data breach, Coinbase recommends that its users enable two-factor authentication (2FA) and turn on withdrawal allow-listing for secure transfers.

為了防止任何潛在的數據洩露，Coinbase建議其用戶啟用兩因素身份驗證（2FA），並打開撤回允許上的允許上班，以進行安全轉移。

“To the customers affected, we’re sorry for the worry and inconvenience this incident caused. We’ll keep owning issues when they arise and investing in world class defenses—because that’s how we protect our customers and keep the crypto economy safe for everyone,” Coinbase concluded.

Coinbase總結說：“對於受影響的客戶，我們為這一事件帶來的擔憂和不便感到抱歉。當問題出現並投資於世界一流的防禦措施時，我們將繼續擁有問題，因為這就是我們保護客戶的方式並確保每個人的加密經濟安全。”