Coinbase正在處理最近的網絡攻擊的後果

漏洞影響了用戶的“小子集”，並包括敏感信息，例如名稱，電子郵件地址，電話號碼

Crypto exchange Coinbase is dealing with the fallout of a recent cyberattack that exposed personal data of some of its customers and may cost the company up to $400 million, according to a regulatory filing.

根據監管文件，Crypto Exchange Coinbase正在處理最近的網絡攻擊的後果，該網絡攻擊暴露了其某些客戶的個人數據，並可能使公司損失高達4億美元。

The company said on Thursday that the breach impacted a “small subset” of users and included sensitive information such as names, email addresses, phone numbers, partial Social Security numbers, masked bank account details, and even government-issued IDs. Login credentials and private keys were not accessed, Coinbase assured users.

該公司週四表示，違規行為影響了用戶的“小子集”，並提供了敏感信息，例如姓名，電子郵件地址，電話號碼，部分社會保險號，蒙版的銀行帳戶詳細信息，甚至是政府發行的ID。 Coinbase向用戶保證，無法訪問登錄憑據和私鑰。

“Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers,” Coinbase wrote on X.

“網絡罪犯賄賂並招募了流氓海外支持代理商，以獲取<1％的Coinbase mtus的個人數據。沒有密碼，私鑰或資金被暴露。未觸及Prime帳戶。我們將重新註銷受影響的客戶，” Coinbase在X上寫道。

We are disclosing a legal matter that may impact our financials. A third-party contractor pulled personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers. Here's what happened:Earlier this year, we became aware of a threat actor attempting to extort Coinbase and sell personal data of a small subset of our customers. The threat actor, who appears to be based in Eastern Europe, threatened to release the data unless we paid a ransom of $20 million in Bitcoin by May 10. They also claimed to have internal documents, such as presentations and meeting notes.

我們正在披露可能影響我們的財務狀況的法律問題。第三方承包商將<1％Coinbase MTU的個人數據提取了。沒有暴露密碼，私鑰或資金。主要帳戶未觸及。我們將償還影響客戶的影響。發生了什麼事：今年早些時候，我們意識到威脅性演員試圖勒索並出售一小部分客戶的個人數據。這位似乎位於東歐的威脅行為者威脅要發布數據，除非我們在5月10日之前支付了2000萬美元的比特幣贖金。他們還聲稱擁有內部文件，例如演講和會議票據。

We learned that the threat actor had managed to bribe several third-party contractors and support staff outside of the United States to gain access to internal data. Those involved have been identified and terminated.

我們了解到，威脅行為者設法賄賂了美國以外的幾個第三方承包商和支持員工，以獲取內部數據。涉及的人已被確定並終止。

The threat actor appears to have pulled the personal data of <1% of Coinbase users. This information includes names, email addresses, phone numbers, partial Social Security numbers, masked bank account details, and government-issued ID types. However, login credentials and private keys were not accessed. In addition, the threat actor does not appear to have accessed any prime accounts or any other internal data.

威脅參與者似乎已經提取了<1％的Coinbase用戶的個人數據。此信息包括名稱，電子郵件地址，電話號碼，部分社會保險號，蒙版的銀行帳戶詳細信息和政府發行的ID類型。但是，未訪問登錄憑據和私鑰。此外，威脅參與者似乎沒有訪問任何主要帳戶或任何其他內部數據。

We are deeply sorry that this incident occurred. We take the security and privacy of our customers’ data extremely seriously. We are working diligently to mitigate any potential impact on our customers and to take steps to prevent such incidents from happening in the future.

我們非常抱歉發生了這一事件。我們非常重視客戶數據的安全性和隱私。我們正在努力減輕對客戶的任何潛在影響，並採取措施防止將來發生此類事件。

Coinbase is a leading cryptocurrency exchange that provides a platform for buying, selling, and trading digital currencies. The company is publicly traded on the Nasdaq Stock Exchange. It is also subject to regulation by the U.S. Securities and Exchange Commission (SEC) and other agencies.The company said it expects a financial impact ranging between $180 million and $400 million as a result of the attack. Its stock dropped by over 6.5 per cent following the news.

Coinbase是領先的加密貨幣交易所，為購買，銷售和交易數字貨幣提供了一個平台。該公司在納斯達克證券交易所公開交易。該公司表示，該公司還受到美國證券交易委員會（SEC）和其他機構的監管。新聞後，其股票下跌了6.5％。

Separately, the US Securities and Exchange Commission (SEC) is looking into whether Coinbase previously provided inaccurate information about its user statistics. According to Reuters, the regulator is reviewing the company’s previously reported “verified user” numbers, which could raise concerns about its customer verification practices.

另外，美國證券交易委員會（SEC）正在研究Coinbase先前是否提供了有關其用戶統計信息的不准確信息。據路透社報導，監管機構正在審查該公司先前報導的“經過驗證的用戶”數字，這可能引起人們對其客戶驗證實踐的擔憂。

However, Coinbase has denied any ongoing probe related to know-your-customer (KYC) or Bank Secrecy Act compliance. Chief Legal Officer Paul Grewal reportedly said that the investigation is a “hold-over” from the previous administration.

但是，Coinbase否認了與知識客戶（KYC）或銀行保密法的合規性有關的任何正在進行的調查。據報導，首席法律官保羅·格雷瓦爾（Paul Grewal）表示，調查是上屆政府的“持有”。

“This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public,” Grewal said. “While we strongly believe that this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.”

格雷瓦爾說：“這是先前政府的一項關於我們停止報告兩年半前報告的指標的持有調查，這已被完全披露給公眾。” “儘管我們堅信這項調查不應繼續，但我們仍致力於與SEC合作，以結束此事。”

The SEC’s interest reportedly continues despite the agency dropping an earlier lawsuit that accused Coinbase of operating without proper registration.

據報導，儘管該機構在未經適當註冊的情況下指控Coinbase進行操作，但SEC的利息仍在繼續。