Coinbase確認流氓員工的數據洩露，提供2000萬美元的賞金

在一個通過加密貨幣行業引起衝擊波的網絡攻擊中，世界上最大的加密貨幣交易所之一Coinbase證實了數據洩露

Coinbase (NASDAQ:COIN) has disclosed a data breach affecting less than 1% of its 9.7 million monthly active users (MAUs), impacting less than 0.1% of its total user accounts. The breach was the result of an insider threat, with several overseas support contractors being bribed by cybercriminals to pull personal data from internal systems.

Coinbase（NASDAQ：COIN）披露了一個數據洩露，影響其每月活躍用戶（MAUS）的1％不到1％，影響了其總用戶總帳戶的0.1％。違規是內幕威脅的結果，網絡犯罪分子賄賂了幾個海外支持承包商，以從內部系統中獲取個人數據。

This information was used to launch a social engineering campaign, where the attackers impersonated Coinbase to defraud users and ultimately demanded a $20 million ransom to keep the stolen data private. However, Coinbase refused to pay up and is instead offering a $20 million bounty for information leading to the arrest and conviction of those involved.

這些信息用於發起社會工程活動，攻擊者冒充欺詐用戶的Coinbase，並最終要求耗資2000萬美元的贖金以使被盜的數據私有。但是，Coinbase拒絕付款，而是為逮捕和定罪的信息提供了2000萬美元的賞金。

What Happened

發生了什麼

According to a regulatory filing and a statement by Coinbase, several support contractors in countries outside the U.S. were targeted by cybercriminals. The attackers used advanced AI and deepfake technologies to create highly convincing phishing messages and video calls, luring the contractors into divulging small amounts of personal data from internal systems.

根據監管文件和Coinbase的聲明，美國以外國家的幾個支持承包商是網絡犯罪分子的目標。攻擊者使用先進的AI和DeepFake技術來創建高度令人信服的網絡釣魚消息和視頻通話，使承包商從內部系統中洩露了少量的個人數據。

This data was used to launch a social engineering campaign on a smaller subset of Coinbase users. The attackers contacted these users via email, phone, and text messages, impersonating Coinbase in attempts to deceive users into transferring their crypto to attackers’ wallets.

該數據用於在較小的Coinbase用戶子集上啟動社會工程活動。攻擊者通過電子郵件，電話和短信與這些用戶聯繫，並試圖欺騙用戶將其加密貨幣轉移到攻擊者的錢包中。

Crucially, no funds, passwords, private keys, or 2FA credentials were compromised, and Coinbase Prime users were not affected. However, the breach triggers alarm due to the nature of the stolen data and the method of infiltration.

至關重要的是，沒有損害資金，密碼，私鑰或2FA憑據，而Coinbase Prime用戶也沒有受到影響。但是，由於被盜數據的性質和滲透方法，違規行為會觸發警報。

Coinbase's Response

Coinbase的回應

Coinbase is taking several steps to remediate the breach and protect its users. The company has notified all affected users and is offering to reimburse any customer who was tricked by the scammers into sending them any funds.

Coinbase正在採取幾個步驟來補救違規並保護其用戶。該公司已通知所有受影響的用戶，並提出要償還任何被騙子欺騙的客戶，以向他們發送任何資金。

Coinbase is also placing stricter withdrawal protocols on the affected accounts, adding new layers of ID verification and scam-awareness prompts before any attempt to withdraw funds.

Coinbase還將更嚴格的提款協議放在受影響的帳戶上，在任何嘗試撤回資金之前，都會添加ID驗證和騙局意識提示的新層。

In the long term, Coinbase is establishing a new U.S.-based customer support hub and rolling out an advanced insider-threat detection system across all of its global support centers. The rogue employees have been terminated and referred for prosecution, and the company is working closely with law enforcement agencies in multiple countries to identify and apprehend the criminals.

從長遠來看，Coinbase正在建立一個新的美國客戶支持中心，並在其所有全球支持中心推出高級內部威脅檢測系統。流氓僱員已被終止並轉介起訴，該公司正在與多個國家的執法機構緊密合作，以識別和逮捕罪犯。

“Trust is foundational to crypto adoption,” the company said. “We’re sorry for the concern this incident caused and remain committed to protecting our users at every step.”

該公司表示：“信任是加密採用的基本。” “我們為這一事件引起的擔憂，並繼續致力於保護我們的用戶的每一步。”

Expert's Take

專家的看法

This incident highlights the growing sophistication of cybercriminals, especially those exploiting human fallibility rather than technical flaws. As new technologies like AI and deepfakes become more accessible, they are being used by these actors to bypass traditional fraud prevention measures.

這一事件凸顯了網絡犯罪分子的成熟程度，尤其是那些利用人類謬誤而不是技術缺陷的人。隨著AI和Deepfakes等新技術變得越來越易於​​使用，這些參與者正在使用它們來繞過傳統的欺詐預防措施。

“We are at an inflection point in digital trust,” said Nick Jones, CEO of crypto platform Zumo. “As our nascent industry grows rapidly, it draws the eye of bad actors who are now harnessing AI tools to an unprecedented degree.”

Crypto Platform Zumo的首席執行官Nick Jones說：“我們處於數字信託的概要點。” “隨著我們新生的行業發展迅速，它吸引了現在正在利用AI工具前所未有的學位的壞演員的眼睛。”

Jones noted the timing of the breach is especially painful for Coinbase, which recently acquired Deribit in one of the largest digital market deals and was added to the S&P 500—milestones that mark it as a global industry leader. He added that institutions are also investing heavily in blockchain and Web3 technologies.

瓊斯指出，違規的時機對Coinbase特別痛苦，後者最近在最大的數字市場交易之一中獲得了Deribit，並被添加到標準普爾500標準普爾（S＆P 500）中，即標記為全球行業領導者的米爾斯坦。他補充說，機構還在區塊鍊和Web3技術上進行大量投資。

However, Jones pointed out the EU is rolling out new legislation like DORA to ensure the resilience of the financial services supply chain and enforce stricter standards of data hygiene. “This attack makes a compelling case for similar legislation and best practices to be adopted across crypto platforms.”

但是，瓊斯指出，歐盟正在製定諸如多拉之類的新立法，以確保金融服務供應鏈的韌性和執行更嚴格的數據衛生標準。 “這次攻擊為類似的立法和在加密平台之間採用的最佳實踐提供了令人信服的案例。”