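In a blog post shared on May 15, titled "Protecting Our Customers - Standing Up to Extortionists," Coinbase said it refused to pay a $20 million ransom after attackers gained access to private customer data.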
A recent data breach at Coinbase has sparked a broader debate about the security tradeoffs between centralized exchanges (CEXs) and decentralized finance (DeFi) protocols.
After attackers, who were aided by bribed "insiders," gained access to private customer data and threatened to release it unless they were paid $20 million, the CEX refused to pay the ransom, promising instead to fully reimburse users who lost funds due to the phishing attacks that followed the breach.
The stolen information included names, addresses, ID documents and the last four digits of Social Security numbers. Coinbase claims that no passwords, private keys or customer funds were accessed, and also that only 1% of Coinbase's users were affected by the breach.
Earlier this year, blockchain sleuth ZachXBT reported that Coinbase users lose over $300 million annually to social engineering scams, highlighting just how damaging such data leaks have been to Coinbase users in the past.
While the CEX has taken active steps to address the breach, such as firing those it believes were involved and offering a $20 million reward for information leading to arrests, the incident has highlighted the differences in security between centralized and decentralized infrastructure.
Single Points of Failure
"The Coinbase incident, yet again, highlights how vulnerable centralized systems and single points of failure are to attacks," David Carvalho, founder and CEO of Naoris Protocol, told The Defiant. "Cybercriminals know this and are becoming more and more adept at exploiting these weaknesses to gain an edge."
According to Carvalho, this problem is only going to get worse, with the only solution being decentralized security that removes single points of failure.
"The bottom line is that any sensitive information or data should be protected by a decentralized system, rather than human gatekeepers," he added.
Phil Mataras, founder of Arweave-based permanent cloud network AR.IO, agreed, noting that breaches like this aren't just unfortunate - they're structural.
"They highlight how much of the infrastructure in crypto still depends on centralized, opaque systems that replicate the vulnerabilities of Web2," he explained. "When access and trust concentrate in one organization, a single error or insider threat can compromise millions."
According to Mataras, security at large isn't just about vetting or taking quicker action - it's about the underlying architecture.
"Systems need to minimize trust by default - distribute control, make operations transparent, and ensure critical data can't be silently altered or lost," he said. "This is the essence of transitioning to a decentralized web, and it's crucial for institutions like exchanges to prioritize this shift."
DeFi Risks
DeFi platforms carry their own security risks, explained Carvalho.
"Most 'decentralized' exchanges still depend heavily on centralized components, like frontend interfaces hosted on traditional servers, APIs running on corporate infrastructure, oracles pulling data from centralized sources, and cross-chain bridges managed by small groups of developers. When these elements fail - which they often do due to bridge hacks and oracle manipulations - the decentralization facade quickly fades," he explained.
Even if the blockchain layer is distributed, the surrounding infrastructure stack is centralized, and this creates vulnerabilities that sophisticated attackers can and will exploit, added Carvalho.
"There's a pressing need for complete decentralization throughout the technology stack, not just at the token level," he said. "This includes deploying decentralized storage solutions, developing truly trustless cross-chain protocols, and creating immutable and verifiable data structures."
Patrick Young, head of Galxe, added that while decentralized exchanges (DEXs) do offer users more control, they sometimes lack comprehensive identity protections, which leaves them vulnerable to bots, sybil attacks, and front-running.
"What's needed is an evolution in how we approach identity and verification across both models - solutions that don’t just collect data, but protect it and enable platforms to verify legitimacy while maintaining privacy," said Young. "This isn't about choosing DEX over CEX, but ensuring both routes are secure, compliant, and built to foster user trust."
SEC Investigation
Coinbase on Thursday also confirmed that the U.S. Securities and Exchange Commission (SEC) was investigating whether it misstated its user numbers. Specifically, the SEC is looking into the number of "verified users," which Coinbase has claimed is more than 100 million.
According to data from Dune Analytics, Coinbase hosts around 167 million unique addresses. However, in a recent SEC filing, the platform had around 9.7 million monthly transacting users in Q1 2025.
“This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public. We explained that the verified users metric includes anyone who verified their email address or phone number with us, so it may overstate the number of unique customers, and the footnote in the proxy statement disclosing this was broadly covered in the press at