- Coinbase confirmed suffering a cyberattack recently
- The attack started when crooks bribed the company’s employees overseas
- Passwords, and user funds, were not affected
Coinbase, one of the biggest centralized cryptocurrency exchanges in the world, suffered a cyberattack which might cost it between $180 million and $400 million. This is according to Reuters, citing a regulatory filing submitted by the company earlier this week.
The exchange said that on May 11, it received an email from an unknown threat actor who claimed they obtained internal documents, and sensitive data about certain customer accounts. Coinbase later confirmed these claims, saying that only a “small subset” of customers were affected.
The data stolen doesn’t include login credentials or passwords, but Coinbase did say it would reimburse anyone who gave their money to the attackers. To obtain the files, the criminals allegedly paid “multiple contractors and employees” who were working in support roles outside the US.
Demanding ransom
The individuals involved were identified and subsequently fired. There is no information on possible legal action against them.
The attackers demanded a ransom of $20 million in exchange for the data, which Coinbase refused to pay. Instead, it is now offering that exact amount of money – $20 million – as a bounty to anyone who comes forward with actionable information regarding the hackers’ identities or whereabouts.
Crypto is in a difficult position right now, trying to establish itself as a legitimate industry, while being surrounded by theft, scams, crime, and regulatory pressure. Just a few months ago, ByBit – another major cryptocurrency exchange – was hacked, with North Korean cybercriminals walking away with $1.5 billion in different tokens.
Earlier this May, Alex Mashinsky, the former CEO of the bankrupt crypto bank, Celsius Network, was sentenced to 12 years in prison after pleading guilty to securities fraud and commodities fraud, and recently – in broad daylight – three individuals tried to kidnap the daughter of a crypto exchange CEO.
At the same time, Reuters is reporting that the SEC took the opportunity to investigate if Coinbase misstated user figures and if it has inadequate KYC practices. Coinbase denied the probing, though.
Via Reuters
