Coinbase确认流氓员工的数据泄露，提供2000万美元的赏金

在一个通过加密货币行业引起冲击波的网络攻击中，世界上最大的加密货币交易所之一Coinbase证实了数据泄露

Coinbase (NASDAQ:COIN) has disclosed a data breach affecting less than 1% of its 9.7 million monthly active users (MAUs), impacting less than 0.1% of its total user accounts. The breach was the result of an insider threat, with several overseas support contractors being bribed by cybercriminals to pull personal data from internal systems.

Coinbase（NASDAQ：COIN）披露了一个数据泄露，影响其每月活跃用户（MAUS）的1％不到1％，影响了其总用户总帐户的0.1％。违规是内幕威胁的结果，网络犯罪分子贿赂了几个海外支持承包商，以从内部系统中获取个人数据。

This information was used to launch a social engineering campaign, where the attackers impersonated Coinbase to defraud users and ultimately demanded a $20 million ransom to keep the stolen data private. However, Coinbase refused to pay up and is instead offering a $20 million bounty for information leading to the arrest and conviction of those involved.

这些信息用于发起社会工程活动，攻击者冒充欺诈用户的Coinbase，并最终要求耗资2000万美元的赎金以使被盗的数据私有。但是，Coinbase拒绝付款，而是为逮捕和定罪的信息提供了2000万美元的赏金。

What Happened

发生了什么

According to a regulatory filing and a statement by Coinbase, several support contractors in countries outside the U.S. were targeted by cybercriminals. The attackers used advanced AI and deepfake technologies to create highly convincing phishing messages and video calls, luring the contractors into divulging small amounts of personal data from internal systems.

根据监管文件和Coinbase的声明，美国以外国家的几个支持承包商是网络犯罪分子的目标。攻击者使用先进的AI和DeepFake技术来创建高度令人信服的网络钓鱼消息和视频通话，使承包商从内部系统中泄露了少量的个人数据。

This data was used to launch a social engineering campaign on a smaller subset of Coinbase users. The attackers contacted these users via email, phone, and text messages, impersonating Coinbase in attempts to deceive users into transferring their crypto to attackers’ wallets.

该数据用于在较小的Coinbase用户子集上启动社会工程活动。攻击者通过电子邮件，电话和短信与这些用户联系，并试图欺骗用户将其加密货币转移到攻击者的钱包中。

Crucially, no funds, passwords, private keys, or 2FA credentials were compromised, and Coinbase Prime users were not affected. However, the breach triggers alarm due to the nature of the stolen data and the method of infiltration.

至关重要的是，没有损害资金，密码，私钥或2FA凭据，而Coinbase Prime用户也没有受到影响。但是，由于被盗数据的性质和渗透方法，违规行为会触发警报。

Coinbase's Response

Coinbase的回应

Coinbase is taking several steps to remediate the breach and protect its users. The company has notified all affected users and is offering to reimburse any customer who was tricked by the scammers into sending them any funds.

Coinbase正在采取几个步骤来补救违规并保护其用户。该公司已通知所有受影响的用户，并提出要偿还任何被骗子欺骗的客户，以向他们发送任何资金。

Coinbase is also placing stricter withdrawal protocols on the affected accounts, adding new layers of ID verification and scam-awareness prompts before any attempt to withdraw funds.

Coinbase还将更严格的提款协议放在受影响的帐户上，在任何尝试撤回资金之前，都会添加ID验证和骗局意识提示的新层。

In the long term, Coinbase is establishing a new U.S.-based customer support hub and rolling out an advanced insider-threat detection system across all of its global support centers. The rogue employees have been terminated and referred for prosecution, and the company is working closely with law enforcement agencies in multiple countries to identify and apprehend the criminals.

从长远来看，Coinbase正在建立一个新的美国客户支持中心，并在其所有全球支持中心推出高级内部威胁检测系统。流氓雇员已被终止并转介起诉，该公司正在与多个国家的执法机构紧密合作，以识别和逮捕罪犯。

“Trust is foundational to crypto adoption,” the company said. “We’re sorry for the concern this incident caused and remain committed to protecting our users at every step.”

该公司表示：“信任是加密采用的基本。” “我们为这一事件引起的担忧，并继续致力于保护我们的用户的每一步。”

Expert's Take

专家的看法

This incident highlights the growing sophistication of cybercriminals, especially those exploiting human fallibility rather than technical flaws. As new technologies like AI and deepfakes become more accessible, they are being used by these actors to bypass traditional fraud prevention measures.

这一事件凸显了网络犯罪分子的成熟程度，尤其是那些利用人类谬误而不是技术缺陷的人。随着AI和Deepfakes等新技术变得越来越易于​​使用，这些参与者正在使用它们来绕过传统的欺诈预防措施。

“We are at an inflection point in digital trust,” said Nick Jones, CEO of crypto platform Zumo. “As our nascent industry grows rapidly, it draws the eye of bad actors who are now harnessing AI tools to an unprecedented degree.”

Crypto Platform Zumo的首席执行官Nick Jones说：“我们处于数字信托的概要点。” “随着我们新生的行业发展迅速，它吸引了现在正在利用AI工具前所未有的学位的坏演员的眼睛。”

Jones noted the timing of the breach is especially painful for Coinbase, which recently acquired Deribit in one of the largest digital market deals and was added to the S&P 500—milestones that mark it as a global industry leader. He added that institutions are also investing heavily in blockchain and Web3 technologies.

琼斯指出，违规的时机对Coinbase特别痛苦，后者最近在最大的数字市场交易之一中获得了Deribit，并被添加到标准普尔500标准普尔（S＆P 500）中，即标记为全球行业领导者的米尔斯坦。他补充说，机构还在区块链和Web3技术上进行大量投资。

However, Jones pointed out the EU is rolling out new legislation like DORA to ensure the resilience of the financial services supply chain and enforce stricter standards of data hygiene. “This attack makes a compelling case for similar legislation and best practices to be adopted across crypto platforms.”

但是，琼斯指出，欧盟正在制定诸如多拉之类的新立法，以确保金融服务供应链的韧性和执行更严格的数据卫生标准。 “这次攻击为类似的立法和在加密平台之间采用的最佳实践提供了令人信服的案例。”