Coinbase (NASDAQ: COIN) Refusal to Pay $20 Million Bitcoin Ransom Has Exposed Systemic Vulnerabilities

2025/05/16 00:10

Coinbase (NASDAQ: COIN) refused to pay a $20 million Bitcoin ransom, exposing systemic vulnerabilities tied to its reliance on overseas contractors

Coinbase (NASDAQ: COIN) encountered a sophisticated cybercrime operation in which criminals bribed customer support agents to provide sensitive data on 6,000 users, part of a broader years-long pattern of social engineering scams that have drained hundreds of millions of dollars from the exchange’s customers, multiple sources told Protos.

The criminals then used the stolen government IDs, Social Security numbers, and bank details to carry out phishing scams on users, aiming to steal their crypto. Less than 1% of Coinbase’s monthly users were affected by the breach, which began in early 2022.

After discovering the breach, and the potential private key theft, Coinbase was subject to a $20 million extortion attempt to cover up the incident, according to internal communications seen by Protos. But despite the size of the sum, and the potential legal and reputational fallout, Coinbase refused to pay.

Instead, Coinbase offered a $20 million bounty for information leading to arrests, a symbolic gesture that did little to quell investor unease, with COIN shares slipping 5% in premarket trading on Monday.

Coinbase also disclosed potential costs of $180 million to $400 million for reimbursing scammed customers and covering legal expenses, part of a broader $300 million to $400 million range of costs related to the incident, according to a company spokesperson.

Coinbase said the incident never involved exposure of private keys, login credentials, account or wallet access, or any means for the criminals to move customer funds themselves.

However, this incident is not an outlier but a symptom of Coinbase’s chronic security gaps and its reliance on overseas contractors for cost-cutting.

According to blockchain investigator ZachXBT, who has been tracking the scams since last year, Coinbase is losing around $300 million annually to social engineering scams, far more than rivals like Binance and Kraken.

In May alone, ZachXBT documented how $45 million was stolen through fraudulent recovery services impersonating Coinbase support, an enterprise-level scam that was enabled by lax third-party vetting.

Coinbase did not respond to a request for comment.

According to internal documents and conversations with former employees, who spoke on condition of anonymity due to nondisclosure agreements, the bribery began with a small number of customer support agents at an offshore contractor, exploiting minimal training and supervision.

“These support teams are often outsourced to India and the Philippines, where the focus is on handling high volumes of tickets quickly and efficiently, and the level of training and supervision can be minimal,” said a former compliance officer at a major crypto firm, who asked not to be named.

“In such a setting, it’s easier for bad actors to slip through the cracks and exploit any vulnerabilities they find.”

Beginning with low-level employees accepting bribes as small as a few thousand dollars, the criminals gradually gained access to more sensitive data and higher-level employees.

Finally, they reached a department head, who had access to a database with details on 6,000 users, part of less than 1% of Coinbase’s monthly users at the time.

To extort the exchange, the criminals planned to use the stolen data to create highly convincing phishing scams, impersonating Coinbase and aiming to steal remaining user funds.

After learning of the breach, Coinbase cooperated fully with authorities to conduct an investigation and identify the individuals involved in the scam.

The investigation, which is still ongoing, has led to the arrest of several individuals in different countries.

Coinbase is also continuing to notify affected users and offer them support.

In a statement, a Coinbase spokesperson said: “We have zero tolerance for any unlawful activity and are actively cooperating with authorities to pursue the harshest penalties possible against those involved in this incident.”

The spokesperson added that Coinbase is committed to maintaining the security of its platform and protecting the assets of its users.

“We take this responsibility very seriously and are constantly investing in new technologies and procedures to stay ahead of evolving threats,” the spokesperson said.

Coinbase’s growth-at-all-costs model, evident in its rapid expansion into new markets and services, has been a key focus for investors.

However, some critics argue that this focus on growth has come at the expense of security, as the company struggled to keep pace with the increasing sophistication of cybercriminals.

“Coinbase is a big target for scammers, and they’ve been hit hard by a variety of scams over the years,” said Taylor Monahan, a security researcher who has written extensively on crypto scams.

“The company has certainly been working to improve its security, but it’s an ongoing battle.”

Monahan said that the average weekend takeover of a crypto exchange now yields around $50 million in stolen user funds, showcasing the large-scale nature of the scams.

She also slammed Coinbase’s new in-wallet messaging feature as a “direct, encrypted line for scammers
