Managing Insider Risk Is Critical: Coinbase’s Recent Extortion Scheme Targeting Its Support Agents Shows Why

2025/05/20 08:12

In an example of why managing insider risk is critical, the cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders.

Coinbase is the latest company to be targeted by cybercriminals attempting to extort millions. What makes this case unique is that it was enabled by insiders, which highlights the critical role that managing insider risk plays in today’s threat landscape.

According to a recent blog post by Coinbase, malicious actors recruited several overseas contractors working as support agents for the company in order to gain access to its systems. From there, the cybercriminals attempted to extort USD20 million from the company in exchange for keeping the data breach quiet.

Earlier this year, in its report The Top Cybersecurity Threats In 2025, Forrester called out a higher risk of insider threats driven by disgruntlement, financial distress, and geopolitical conflict.

According to a video from Coinbase chief executive officer Brian Armstrong, the cybercriminals were able to access personal information on less than 1% of the company’s monthly transacting users (MTUs). An 8-K filing indicates that the cybercriminals accessed company and customer data, including:

* Customer names, email addresses, and postal addresses

* Phone numbers

* Cryptocurrency addresses

* Transaction history on the platform

* Copies of customers’ government-issued identification

* Social Security numbers for a small number of U.S. customers

* Bank account numbers for a small number of U.S. customers who used a bank transfer to fund their account or request a withdrawal

The company said that the attackers were not able to access any user passwords, private keys, or funds. Instead, the cybercriminals used the accessed data to socially engineer Coinbase customers. Coinbase is dismissing the insiders involved in the incident and is pursuing criminal charges against them through international law enforcement entities.

Estimating the impact

Coinbase provided a preliminary estimate of expenses related to the incident that range from USD180–400 million, including remediation costs, customer reimbursements, and other potential costs. The actual total could be lower based on insurance claims. Breaches, however, do have a long tail, so once litigation begins, the number could just as easily increase in the years ahead.

Flipping the coin (script) on the extortionists

In a move that is sure to surprise many, Coinbase is throwing the ransom request back in the face of the attackers — instead of paying up for the modest sum and hoping to close the book on this chapter quickly, they are putting the USD20 million toward a bounty for information leading to the arrest and conviction of the attackers. This seems to be a first — governments, such as the FBI and the US State Department through Rewards For Justice, have offered bounties, but no private-sector companies seem to have taken this approach.

Rebuilding Customer Trust

The old adage “It’s not the crime; it’s the cover-up” applies to breaches. In this scenario, Coinbase is providing remarkably clear, specific, and transparent details about the incident and its impact, ranging from its public statements and the video from its CEO to the bounty for information leading to the arrest of the individuals or groups involved, as well as its required 8-K filing.

Coinbase is also being responsive and human in its actions. The company is directly addressing customer concerns (such as reimbursements for those tricked by the attackers into sending funds) and highlighting how customers can stay safe.

In the blog post, Coinbase points out that “crypto adoption depends on trust.” The seven levers of trust in Forrester’s trust imperative research include accountability, competence, transparency, and empathy. Coinbase is touching on each of these in its announcements and communications about the incident so far. Its behavior, in the short term, is demonstrating its commitment to rebuilding customer trust.

Beware Of Low-Cost International Expansion

Coinbase’s announcement includes a warning that every business needs to take note of. Economic volatility is putting pressure on businesses to cut costs in various ways, and one way that companies are increasing efficiency is through offshoring. But international expansion brings with it cultural challenges, law enforcement differences, and stark contrasts in employee-to-employer loyalty. Coinbase is experiencing this firsthand. For those thinking that a combination of guardrails, agentic AI, and AI agents will solve this problem … well … generative AI is not immune to bribes either.

Thwarting future social engineering attempts

The Coinbase breach was a combination of multiple human-element breach types that resulted in the social engineering of its customers. In addition to the transparency around the breach itself, Coinbase is providing all customers with best practices for keeping data and funds safe.

Coinbase is clearly stating that it will never ask for passwords or two-factor authentication codes and won’t call or text customers to provide information. It states, “If you receive this call, hang up the phone.”

Encouraging customers, partners, and employees to pause and ask questions in the face of novelty, authority, and/or urgency is critical to disrupting social engineering attempts. It’s equally important to
