The Coinbase crypto exchange was hacked, but no hackers were involved: the attackers simply bribed support staff in India
The attackers bribed Coinbase support staff for several months, gaining virtually instant access to confidential customer information, a source familiar with the incident told Bloomberg.
Cryptocurrency exchange Coinbase said it expects to incur approximately $400 million in remediation and legal costs. More significant, however, is that the breach hit Coinbase itself, the first public U.S. crypto exchange and the largest custodian of assets for Bitcoin-backed exchange-traded funds, with over $122 billion in assets under management.
According to the source, the attackers paid support representatives, mostly contractors in India, to steal personal data, including customer names, dates of birth, addresses, citizenship, ID numbers, bank account details, account creation dates and balances. The "hackers" then began demanding a $20 million ransom from Coinbase to delete the stolen data.
Coinbase Chief Security Officer Philip Martin said that the employees’ anomalous activity was detected in January, after which the company immediately removed their access and terminated their contracts. He denied claims that the attackers had ongoing access to the crypto exchange’s customer data.
Coinbase notified affected customers and offered full compensation for any financial losses. In lieu of paying the ransom, the company offered a $20 million reward for information leading to the arrest and prosecution of the attackers.
Coinbase Prime, which serves institutional clients, was not affected, but news of the breach has shaken market sentiment. The crypto exchange’s shares fell more than 7% on Thursday, days after it was added to the S&P 500 index and amid reports of an ongoing SEC investigation into its user reporting.
Security experts warn that stolen data could be used for sophisticated social engineering attacks or identity fraud, which could threaten even wealthy traders who have already faced threats of having their assets stolen.
"It’s a major breach, the amount of personal information shared is staggering, it will make people have to consider their personal physical security," said Mike Dudas, managing partner at web3 firm 6MV.
Coinbase said less than 1% of its active users were affected by the breach and urged all customers to monitor their accounts, use strong, unique passwords, and enable two-factor authentication. The company has strengthened internal controls and is working with law enforcement to investigate the bribery scheme.