Coinbase透露，這是海外客戶代表的社會工程攻擊的目標

Coinbase透露，最近的安全漏洞涉及其用戶群的一小部分是針對性的社會工程攻擊的結果。該公司表示，犯罪分子試圖獲取客戶數據，向海外客戶代表賄賂。

Coinbase has revealed that a recent security breach, which affected a small portion of its user base, was the result of a targeted social engineering attack.

Coinbase透露，最近的安全漏洞影響了其用戶群的一小部分，是針對性的社會工程攻擊的結果。

According to a blog post by Coinbase CEO Brian Armstrong, customer representatives were offered bribes by criminals in an attempt to gain access to customer data. In response, Coinbase launched an investigation and refused to give in to a $20 million ransom demanded by the attackers.

根據Coinbase首席執行官Brian Armstrong的博客文章，犯罪分子向客戶代表賄賂，以試圖訪問客戶數據。作為回應，Coinbase發起了一項調查，拒絕屈服於攻擊者要求的2000萬美元贖金。

The incident, which began in early 2023, affected fewer than 1% of users each month and involved hackers stealing user credentials and attempting to factor two-factor authentication (2FA) codes.

該事件始於2023年初，每月影響少於1％的用戶，並涉及黑客竊取用戶憑據並試圖考慮兩因素身份驗證（2FA）代碼。

Stolen Data Includes IDs, Contacts—Private Keys Remain Secure

被盜的數據包括ID，聯繫人 - 私人鑰匙保持安全

To be transparent, Coinbase said that while the attackers took some customer data, no sensitive data was affected and user accounts were fully secure. The stolen information involved names, addresses, phone numbers, and email addresses. It also includes some restricted financial data, such as disguised Social Security numbers and bank account information.

為了保持透明，Coinbase說，攻擊者採集了一些客戶數據，但沒有影響敏感數據，並且用戶帳戶完全安全。被盜的信息涉及名稱，地址，電話號碼和電子郵件地址。它還包括一些受限制的財務數據，例如偽裝的社會保險號和銀行帳戶信息。

Hackers also stole some documents and training files. Moreover, they accessed records containing ID images and past transactions. They could not get login secrets, private keys, or two-factor verification codes, nor were they able to get into or send funds through Coinbase or its customers’ accounts.

黑客還偷走了一些文檔和培訓文件。此外，他們訪問了包含ID圖像和過去交易的記錄。他們無法獲得登錄秘密，私鑰或兩因素驗證代碼，也無法通過Coinbase或其客戶的帳戶進入或發送資金。

Coinbase chose not to pay the requested ransom and decided to face the attack from the beginning. Coinbase said that it would repay users who lost money due to the social engineering tactic.

Coinbase選擇不支付要求的贖金，並決定從一開始就面對襲擊。 Coinbase表示，由於社會工程策略，它將償還損失資金的用戶。

To protect against similar situations, Coinbase has added several additional security systems. They include making it harder to transfer a lot of funds, setting up a support center in the U.S. with improved supervision, and expanding ways to detect and block suspicious actions.

為了防止類似情況，Coinbase增加了幾個其他安全系統。它們包括使很難轉移大量資金，通過改進的監督在美國建立支持中心，並擴大檢測和阻止可疑行動的方法。

Coinbase decided not to pay the ransom and instead declared a $20 million reward for any information leading to the arrest of the people responsible. First, they are actively searching for the stolen funds. Additionally, they are working with police from the United States and other countries. Coinbase instantly removed the employees involved and reported them to authorities for criminal charges.

Coinbase決定不支付贖金，而是宣布了導致逮捕負責人的任何信息的2000萬美元獎勵。首先，他們正在積極尋找被盜的資金。此外，他們正在與美國和其他國家的警察合作。 Coinbase立即將相關員工撤職，並將其報告給當局以要求刑事指控。

Coinbase Alerts Users to Stay Vigilant Against Fraud Attempts

Coinbase提醒用戶對欺詐嘗試保持警惕

Meanwhile, Coinbase has reached out to users, informing them and advising all customers on how to protect themselves from similar fraud. Coinbase sent a reminder to all users, stating it does not request login details, 2FA codes, or transfers to unknown destinations.

同時，Coinbase已與用戶聯繫，通知他們，並向所有客戶提供有關如何保護自己免受類似欺詐的建議。 Coinbase向所有用戶發送了一個提醒，並指出它不要求登錄詳細信息，2FA代碼或轉移到未知目的地。

Armstrong noted that the company is interested in expanding globally, either by acquisition or partnerships.

阿姆斯特朗指出，該公司有興趣通過收購或合作夥伴關係在全球範圍內擴展。

Despite the event, Coinbase has accomplished a significant achievement. Coinbase recently achieved a major milestone by being the first crypto firm to be part of the S&P 500 Index. Many see the S&P 500’s interest in Coinbase as a good omen for cryptocurrency’s increase in popularity.

儘管發生了這一事件，但Coinbase取得了重大成就。 Coinbase最近是第一個成為標準普爾500指數一部分的加密公司，實現了一個重要的里程碑。許多人認為標準普爾500對Coinbase的興趣是加密貨幣受歡迎程度提高的好兆頭。