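Coinbase's latest data breach has sparked a broader debate about the security tradeoffs between centralized exchanges (CEXs) and decentralized finance (DeFi) protocols.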

2025/05/17 03:37

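In a blog post shared on May 15, titled "Protecting Our Customers - Standing Up to Extortionists," Coinbase said it refused to pay a $20 million ransom after attackers gained access to private customer data.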

A recent data breach at Coinbase has sparked a broader debate about the security tradeoffs between centralized exchanges (CEXs) and decentralized finance (DeFi) protocols.

After attackers, who were aided by bribed "insiders," gained access to private customer data and threatened to release it unless they were paid $20 million, the CEX refused to pay the ransom, promising instead to fully reimburse users who lost funds due to the phishing attacks that followed the breach.

The stolen information included names, addresses, ID documents and the last four digits of Social Security numbers. Coinbase claims that no passwords, private keys or customer funds were accessed, and also that only 1% of Coinbase's users were affected by the breach.

Earlier this year, blockchain sleuth ZachXBT reported that Coinbase users lose over $300 million annually to social engineering scams, highlighting just how damaging such data leaks have been to Coinbase users in the past.

While the CEX has taken active steps to address the breach, such as firing those it believes were involved and offering a $20 million reward for information leading to arrests, the incident has highlighted the differences in security between centralized and decentralized infrastructure.

Single Points of Failure

"The Coinbase incident, yet again, highlights how vulnerable centralized systems and single points of failure are to attacks," David Carvalho, founder and CEO of Naoris Protocol, told The Defiant. "Cybercriminals know this and are becoming more and more adept at exploiting these weaknesses to gain an edge."

According to Carvalho, this problem is only going to get worse, with the only solution being decentralized security that removes single points of failure.

"The bottom line is that any sensitive information or data should be protected by a decentralized system, rather than human gatekeepers," he added.

Phil Mataras, founder of Arweave-based permanent cloud network AR.IO, agreed, noting that breaches like this aren't just unfortunate - they're structural.

"They highlight how much of the infrastructure in crypto still depends on centralized, opaque systems that replicate the vulnerabilities of Web2," he explained. "When access and trust concentrate in one organization, a single error or insider threat can compromise millions."

According to Mataras, security at large isn't just about vetting or taking quicker action - it's about the underlying architecture.

"Systems need to minimize trust by default - distribute control, make operations transparent, and ensure critical data can't be silently altered or lost," he said. "This is the essence of transitioning to a decentralized web, and it's crucial for institutions like exchanges to prioritize this shift."

DeFi Risks

DeFi platforms carry their own security risks, explained Carvalho.

"Most 'decentralized' exchanges still depend heavily on centralized components, like frontend interfaces hosted on traditional servers, APIs running on corporate infrastructure, oracles pulling data from centralized sources, and cross-chain bridges managed by small groups of developers. When these elements fail - which they often do due to bridge hacks and oracle manipulations - the decentralization facade quickly fades," he explained.

Even if the blockchain layer is distributed, the surrounding infrastructure stack is centralized, and this creates vulnerabilities that sophisticated attackers can and will exploit, added Carvalho.

"There's a pressing need for complete decentralization throughout the technology stack, not just at the token level," he said. "This includes deploying decentralized storage solutions, developing truly trustless cross-chain protocols, and creating immutable and verifiable data structures."

Patrick Young, head of Galxe, added that while decentralized exchanges (DEXs) do offer users more control, they sometimes lack comprehensive identity protections, which leaves them vulnerable to bots, sybil attacks, and front-running.

"What's needed is an evolution in how we approach identity and verification across both models - solutions that don’t just collect data, but protect it and enable platforms to verify legitimacy while maintaining privacy," said Young. "This isn't about choosing DEX over CEX, but ensuring both routes are secure, compliant, and built to foster user trust."

SEC Investigation

Coinbase on Thursday also confirmed that the U.S. Securities and Exchange Commission (SEC) was investigating whether it misstated its user numbers. Specifically, the SEC is looking into the number of "verified users," which Coinbase has claimed is more than 100 million.

According to data from Dune Analytics, Coinbase hosts around 167 million unique addresses. However, in a recent SEC filing, the platform had around 9.7 million monthly transacting users in Q1 2025.

“This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public. We explained that the verified users metric includes anyone who verified their email address or phone number with us, so it may overstate the number of unique customers, and the footnote in the proxy statement disclosing this was broadly covered in the press at
