Coinbase已确认网络犯罪分子偷走了敏感的客户数据

在一个重大的网络安全事件中，Coinbase证实，网络犯罪分子在一群贿赂的流氓海外支持代理商的帮助下，偷走了敏感的客户数据

Coinbase has fallen victim to a significant cybersecurity incident, in which a group of cybercriminals, aided by a group of bribed rogue overseas support agents, stole sensitive customer data in an attempt to extort the company for $20 million.

Coinbase已成为一项重大网络安全事件的受害者，其中一群网络犯罪分子在一群贿赂的流氓海外支持代理商的协助下，偷走了敏感的客户数据，以期将公司勒索以2000万美元的价格勒索公司。

The incident unfolded when the attackers contacted Coinbase via email on May 11, 2025, demanding a $20 million ransom in exchange for the stolen data. However, the largest U.S.-based cryptocurrency exchange refused to pay the ransom and instead opted to establish a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for the attack.

当攻击者于2025年5月11日通过电子邮件与Coinbase联系时，事件发生了，要求耗资2000万美元的赎金以换取被盗数据。但是，美国最大的加密货币交易所拒绝支付赎金，而是选择建立一个耗资2000万美元的奖励基金，以导致逮捕和定罪负责袭击的罪犯。

According to Coinbase’s official blog post dated May 15, 2025, the breach occurred when a small group of rogue customer support contractors, based overseas, were recruited by cybercriminals through cash bribes to exfiltrate data for less than 1% of Coinbase’s monthly transacting users.

根据Coinbase的官方博客帖子，日期为2025年5月15日，违反行为发生在网络犯罪分子通过现金贿赂以不到1％的Coinbase月份每月交易用户的不到1％的方式来删除数据时，违反了海外的一小部分流氓客户支持承包商。

Their goal was to compile a list of customers they could target by impersonating Coinbase, to deceive users into giving up their cryptocurrency. Subsequently, they attempted to blackmail Coinbase, demanding $20 million to keep the breach hidden. But Coinbase refused the offer.

他们的目标是通过假冒Coinbase来汇编他们可以针对的客户列表，以欺骗用户放弃加密货币。随后，他们试图勒索Coinbase，要求2000万美元以保持违规行为。但是Coinbase拒绝了要约。

“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase wrote in a Thursday blog post.

Coinbase在周四博客中写道：“网络罪犯贿赂并招募了一群流氓海外支持代理商，以窃取Coinbase客户数据，以促进社会工程攻击。这些内部人士滥用了他们对客户支持系统的访问，以窃取一小部分客户的帐户数据。”

“No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched.”

“没有曝光密码，私钥或资金，也没有对Coinbase Prime帐户进行触摸。”

Coinbase has said it is taking full responsibility for protecting affected users, who will be contacted via email on May 15. Impacted customers will be reimbursed if they were fooled into transferring funds to scammers due to social engineering attacks.

Coinbase表示，将对保护受影响的用户承担全部责任，这些用户将于5月15日通过电子邮件与他们联系。如果由于社会工程攻击，受影响的客户将被欺骗将资金转移到诈骗者的情况下。

The company is also rolling out tighter withdrawal controls, as flagged accounts will now require additional identity verification for large transactions, along with new scam-awareness prompts. It is opening a new support hub in the U.S. and adding stronger security controls and monitoring across all locations.

该公司还将推出更严格的提款控件，因为标记的帐户现在将需要大型交易的其他身份验证以及新的骗局意识提示。它正在美国开放一个新的支持中心，并在所有位置增加了更强的安全控制和监视。

Additionally, to prevent future breaches, the company has increased investments in insider threat detection, security threat simulation, and automated response to identify similar security threats in its infrastructure.

此外，为了防止未来的违规行为，该公司增加了对内部威胁检测，安全威胁模拟和自动响应的投资，以确定其基础设施中的类似安全威胁。

Rather than pay the ransom, Coinbase is offering a $20 million bounty to anyone who can help bring the perpetrators to justice. The company is also working closely with U.S. and international law enforcement and has already fired the exchange staff involved in the breach. It will press criminal charges.

Coinbase并没有支付赎金，而是向任何可以帮助将肇事者绳之以法的人提供了2000万美元的赏金。该公司还与美国和国际执法部门紧密合作，并已经解雇了涉及违规的交换人员。它将按照刑事指控。

“Working with industry partners, we’ve tagged the attackers’ addresses so the authorities can track and work to recover assets,” the company added.

该公司补充说：“与行业合作伙伴合作，我们已经标记了攻击者的地址，以便当局可以跟踪和努力追回资产。”

Coinbase is urging customers to remain vigilant, as imposters may try to exploit the situation by posing as Coinbase employees. The company will never ask for passwords or 2FA codes, or ask users to move funds or assets to a specific or new address, account, vault or wallet, or call or text users to move funds to a “safe” wallet.

Coinbase正在敦促客户保持警惕，因为冒名顶替者可能试图通过担任Coinbase员工来利用这种情况。公司永远不会要求密码或2FA代码，或要求用户将资金或资产转移到特定或新的地址，帐户，金库或钱包，或致电或文本用户将资金移至“安全”钱包。

If this happens, the crypto exchange suggests users hang up on imposters, immediately lock their account in the app, and email at [email protected] to report suspicious activity.

如果发生这种情况，加密交易所建议用户挂在冒险者身上，立即将其帐户锁定在应用程序中，并通过[电子邮件保护]来报告可疑活动。

To protect against any potential data breach, Coinbase recommends that its users enable two-factor authentication (2FA) and turn on withdrawal allow-listing for secure transfers.

为了防止任何潜在的数据泄露，Coinbase建议其用户启用两因素身份验证（2FA），并打开撤回允许上的允许上班，以进行安全转移。

“To the customers affected, we’re sorry for the worry and inconvenience this incident caused. We’ll keep owning issues when they arise and investing in world class defenses—because that’s how we protect our customers and keep the crypto economy safe for everyone,” Coinbase concluded.

Coinbase总结说：“对于受影响的客户，我们为这一事件带来的担忧和不便感到抱歉。当问题出现并投资于世界一流的防御措施时，我们将继续拥有问题，因为这就是我们保护客户的方式并确保每个人的加密经济安全。”