
Managing Insider Risk Is Critical: Coinbase's Recent Extortion Scheme Targeting Its Support Agents Shows Why

2025/05/20 08:12

In an example of why managing insider risk is critical, cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders.

Coinbase is the latest company to be targeted by cybercriminals in an attempt to extort millions. But what makes this case unique is that it was enabled by insiders, and it highlights the critical role that managing insider risk plays in today’s threat landscape.

According to a recent blog post by Coinbase, malicious actors recruited several overseas contractors who were support agents for the company to gain access to its systems. From there, the cybercriminals attempted to extort the company for USD20 million to cover up the data breach.

Earlier this year in Forrester’s The Top Cybersecurity Threats In 2025 report, Forrester called out a higher risk of insider threats due to disgruntlement, financial distress, and geopolitical conflict.

According to a video from Coinbase chief executive officer Brian Armstrong (see video below), the cybercriminals were able to access personal information on less than 1% of the company’s monthly transacting users (MTUs). An 8-K filing indicates that the cybercriminals accessed company and customer data, including:

* Customer names, email addresses, and postal addresses
* Phone numbers
* Cryptocurrency addresses
* Transaction history on the platform
* Copies of customers’ government-issued identification
* Social Security numbers for a small number of U.S. customers
* Bank account numbers for a small number of U.S. customers who used a bank transfer to fund their account or request a withdrawal

The company said that the attackers weren’t able to access any user passwords, private keys, or funds. Instead, the cybercriminals used the accessed data to social engineer Coinbase clients. Coinbase is dismissing the insiders involved in the incident and is pursuing criminal charges against them through international law enforcement entities.

Estimating the impact

Coinbase provided a preliminary estimate of expenses related to the incident that range from USD180–400 million, including remediation costs, customer reimbursements, and other potential costs. The actual total could be lower based on insurance claims. Breaches, however, do have a long tail, so once litigation begins, the number could just as easily increase in the years ahead.

Flipping the coin (script) on the extortionists

In a move that is sure to surprise many, Coinbase is throwing the ransom request back in the face of the attackers — instead of paying up for the modest sum and hoping to close the book on this chapter quickly, they are putting the USD20 million toward a bounty for information leading to the arrest and conviction of the attackers. This seems to be a first — governments, such as the FBI and the US State Department through Rewards For Justice, have offered bounties, but no private-sector companies seem to have taken this approach.

Rebuilding Customer Trust

The old adage “It’s not the crime; it’s the cover-up” applies to breaches. In this scenario, Coinbase is providing remarkably clear, specific, and transparent details about the incident and its impact. This ranges from its public statements and the video from its CEO to the bounty leading to the arrest of the individuals/groups involved and its required 8-K filing.

Coinbase is also being responsive and human in its actions. The company is directly addressing customer concerns (such as reimbursements for those tricked by the attackers into sending funds) and highlighting how customers can stay safe.

In the blog post, Coinbase points out that “crypto adoption depends on trust.” The seven levers of trust in Forrester’s trust imperative research include accountability, competence, transparency, and empathy. Coinbase is touching on each of these in its announcements and communications about the incident so far. Its behavior, in the short term, is demonstrating its commitment to rebuilding customer trust.

Beware Of Low-Cost International Expansion

Coinbase’s announcement includes a warning that every business needs to take note of. Economic volatility is putting pressure on businesses to cut costs in various ways, and one way that companies are increasing efficiency is through offshoring. But international expansion brings with it cultural challenges, law enforcement differences, and stark contrasts in employee-to-employer loyalty. Coinbase is experiencing this firsthand. For those thinking that a combination of guardrails, agentic AI, and AI agents will solve this problem … well … generative AI is not immune to bribes either.

Thwarting future social engineering attempts

The Coinbase breach was a combination of multiple human-element breach types that resulted in the social engineering of its customers. In addition to the transparency around the breach itself, Coinbase is providing all customers with best practices for keeping data and funds safe.

Coinbase is clearly stating that it will never ask for passwords or two-factor authentication codes and won’t call or text customers to provide information. It states, “If you receive this call, hang up the phone.”

Encouraging customers, partners, and employees to pause and ask questions in the face of novelty, authority, and/or urgency is critical to disrupting social engineering attempts. It’s equally important to