Hackers have been stealing Coinbase customer information by bribing the company’s overseas support agents for access.
The scheme affects a “small subset of customers,” the popular cryptocurrency platform said on Thursday. “Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto,” the company wrote in a blog post.
Fortunately, the hackers had no access to user passwords, two-factor authentication codes, or the private keys for any cryptocurrency accounts.
Still, in some cases, the cybercriminals successfully phished affected customers using stolen data, which included names, addresses, phones, email addresses, the last four digits of Social Security numbers, “masked bank account numbers,” government ID images such as driver’s license, along with balance snapshots and transaction histories. Unsuspecting victims then sent their cryptocurrency to the scammers, believing them to be official Coinbase representatives.
This Tweet is currently unavailable. It might be loading or has been removed.
In addition, the hackers even tried to extort Coinbase itself, demanding a $20 million payment from the cryptocurrency company to cover up the incident. However, Coinbase refused to pay and instead disclosed the hacking activity to warn users.
This Tweet is currently unavailable. It might be loading or has been removed.
The scheme risks endangering customers who regularly use Coinbase for cryptocurrency transactions. “Less than 1% of our monthly transacting users had their records accessed,” CEO Brian Armstrong said in a video, without mentioning a firm number.
In some good news, Coinbase plans on reimbursing users who fell for the phishing attempts. The company is also bolstering its security around customer support to prevent a repeat. “We’re actually relocating some of our customer support operations as a result of this,” Armstrong added.
Coinbase is also offering a $20 million reward for any information that leads to the arrest of the culprits. “For these would-be extortionists, or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice,” Armstrong said.
Recommended by Our Editors
Still, the hackers could use the stolen data to commit identity theft and other malicious schemes against the impacted users. Hence, victims should take measures to protect themselves.
Coinbase says it already sent alert notices to affected customers, though details on the reimbursement process are scant. For now, the blog post merely says: “Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts.”
In the meantime, the company says it’s working with law enforcement to ID the scammers.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Michael Kan
Senior Reporter
