Theft and scams are unfortunately not uncommon at Coinbase, with an independent estimate recently finding that the company has lost some $300 million in funds to assorted fraud and hacking. But a recent data breach looks like it has a good chance of doubling that total on its own. The crypto exchange projects a loss of $180 million to $400 million after unknown parties bribed overseas customer service reps, who provided the attackers with sensitive personal information that was then put to use in targeted money transfer schemes.
Major step forward for crypto exchanges marred by security incident
As of this writing Coinbase is just about to formally debut on the S&P 500 Index, the first US crypto exchange to do so. The celebratory mood has been somewhat dampened by questions about security practices, however, particularly after the news that bribery of India-based customer service staff had been going on for some time.
The S&P listing sent Coinbase’s shares surging by about 24%, with an additional 6% gain from the news that it is expanding internationally by acquiring Dubai-based crypto exchange Deribit. The news of the data breach just about wiped out the Deribit gain, however. Coinbase now experiences around 100 of these types of attacks per year, putting it on par with the number that big banks like Wells Fargo field. But it tends to allow a variety of schemes through the gate, more so than its fiat counterparts.
Data breach did not provide direct wallet access, but sensitive information was stolen
The attackers, who remain unknown, appear to have selectively targeted the better-funded of Coinbase’s users. A bribe of an unspecified amount to one of these rogue contractors would get them full names, addresses, phone numbers, photo ID images used for verification, masked bank account information, crypto exchange account balances, transaction histories and partial Social Security numbers.
They were not able to log into customer accounts and directly drain funds, but were able to use this information to construct convincing phishing messages that purported to be from Coinbase. The crypto exchange has said that it will cover customer losses from these thefts and will also be building a customer service center in the US going forward.
There is not yet a full accounting of user impact, but Coinbase says “less than 1%” of its crypto exchange users are impacted by the data breach. One of the attackers first contacted Coinbase directly with pilfered internal documents on May 11 and attempted to hold it to ransom for $20 million, a demand the company refused. That money has now been set aside as a reward pool for information leading to arrests and convictions.
The incident is concerning because the wording of the disclosure indicates that “multiple” foreign workers with this high level of access to PII were being bribed over a substantial amount of time, and that the incident only came to light because one party got greedy and decided to hold the company to ransom. Users of the crypto exchange are already filing lawsuits over the incident, alleging that their personal information was not properly secured.
Coinbase is advising users to expect more scam attempts in the wake of the data breach, but given recent history it would have already been prudent to anticipate these (especially for high-wealth individuals). The crypto exchange has announced some promising security improvements, but perhaps the biggest change is the announcement of onshoring customer service, which should provide a clear and immediate improvement in the ability to govern and monitor these operations once the facility is up and running.