Coinbase Cyber Attack – Personal Data Stolen In Cryptocurrency Exchange Cyber Attack
Coinbase, an American-based cryptocurrency exchange, has confirmed that customer personal data was compromised as part of a cyber attack that happened last week. In a report to the United States Securities and Exchange Commission, Coinbase say that they received an email from an unknown actor claiming that they had obtained information about certain Coinbase customer accounts and internal documentation regarding customer service and account management systems. The actor then used this as leverage to try to extort Coinbase for $20 million, which Coinbase rejected.
This individual gained access to the information by targeting customer support agents overseas, using cash offers to obtain data that the agents had access to in order to perform their job responsibilities. This was discovered independently by Coinbase’s own security monitoring systems and, upon discovery, the individuals involved were terminated and stronger fraud-monitoring protections were implemented.
In a public statement, Coinbase have confirmed that the compromised data included names, addresses, contact details, masked social security and bank account details, ID photos and limited account data, such as balance snapshots and transaction history. Login credentials, including passwords and private keys, were not compromised, meaning at this stage there is no direct risk regarding the security of any Coinbase accounts.
In addition to this, Coinbase have announced that they will be taking the following steps both to limit the effect this has on customers and to ensure that an incident of this nature cannot happen again:
Reimbursement: The nature of the data that was compromised means it has been easy for threat actors to trick individuals into sending funds by acting as if they were Coinbase. This is known as a social engineering attack, and is one of the most common ways attackers gain access to systems or convince people to send them money. In response to this, Coinbase have promised to reimburse anyone who fell victim to this due to their data being compromised in this attack.
Implementing additional safeguards: Flagged accounts will now require additional ID checks on large withdrawals. Scammers will naturally try and take large sums of money from people and Coinbase hopes that this, in addition to mandatory scam-awareness prompts, will reduce the number of people who fall victim to these scams.
Increased security in support operations: Coinbase will be opening a new support hub in the US and will be adding stronger security and monitoring tools across all locations.
Strengthening security systems: Investment has been increased in insider‑threat detection, automated response, and simulating similar security threats to find failure points in any internal systems.
Ongoing transparency: Impacted individuals have already been informed of this incident and Coinbase has demonstrated a commitment to being as transparent as possible during the investigation.
On top of this, instead of paying the $20 million ransom, they have established a $20 million reward fund for information leading to the arrest and conviction of the attackers behind this incident. Work with law enforcement has already started, with charges being pressed on the insiders.
What can we learn from this incident?
Coinbase is a massive global company, but that doesn’t mean that there aren’t some key things we can learn from this incident:
Your security is only as strong as your weakest link: Being a cryptocurrency exchange, Coinbase generally has a high level of security across the board. Unfortunately, that wasn’t very useful in this case, where the willingness of overseas workers to aid in this attack meant that many of these provisions didn’t come into play. Fortunately, their practice of only allowing individuals access to data they need to complete their work meant this incident wasn’t as severe as it could have been.
Masking sensitive data will help reduce the impact of a breach: In this case, both bank details and social security numbers were masked, meaning the attackers are far more limited in what they can do with this data. While the GDPR doesn’t explicitly require the masking of any data, it can still help demonstrate a commitment to keeping certain forms of personal data secure.
Transparent communication is key: Coinbase chose to take the approach of owning the narrative early. They were honest and upfront about the incident, which will go a long way in helping maintain public trust despite the incident.
The importance of customer-centric responses: Many of the steps taken by Coinbase were centred around the impact this could have on customers. As required, they were very quick to inform impacted individuals of the incident and did so in a way that clearly explained how the incident occurred and what impact it could have. In addition to this, they took many steps they aren’t legally required to take, such as reimbursing people who were scammed and implementing scam-awareness measures to limit damage. While you don’t need to take the exact same approach as Coinbase did, similar methods help show responsibility over the incident and maintain trust.
Everyone is responsible for security: Implementing training and awareness schemes will help establish zero tolerance for security negligence and collusion.
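The lessons above on need-to-know access and masking can be combined in a support tool, as in this added example (not Coinbase's code, and not a description of their systems). The role names, field names, sample record and daily-limit check are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical roles: each sees only the fields its job needs; the rest is dropped.
ROLE_FIELDS = {
    "support_agent": {"name", "email", "ssn", "bank_account"},
    "kyc_reviewer": {"name", "email", "address", "ssn", "bank_account", "id_photo_ref"},
}
MASKED_FIELDS = {"ssn", "bank_account"}  # never returned in full to any role


def mask(value: str, visible: int = 4) -> str:
    """Keep the last `visible` digits; short values are hidden completely."""
    digits = [i for i, ch in enumerate(value) if ch.isdigit()]
    keep = set(digits[len(digits) - visible:]) if len(digits) > visible else set()
    hide = set(digits) - keep
    return "".join("*" if i in hide else ch for i, ch in enumerate(value))


def view_for(role: str, record: dict) -> dict:
    """Project a customer record down to what `role` may see, masking as needed."""
    allowed = ROLE_FIELDS.get(role, set())  # unknown role sees nothing
    return {k: (mask(v) if k in MASKED_FIELDS else v)
            for k, v in record.items() if k in allowed}


class AccessMonitor:
    """Flag an agent who opens more distinct customer records than a daily limit."""

    def __init__(self, daily_limit: int):
        self.daily_limit = daily_limit
        self.seen = defaultdict(set)  # (agent, day) -> customer ids opened

    def record(self, agent: str, day: str, customer_id: str) -> bool:
        self.seen[(agent, day)].add(customer_id)
        return len(self.seen[(agent, day)]) > self.daily_limit


# Constructed sample record, not real data.
SAMPLE = {
    "name": "Alex Example", "email": "alex@example.com",
    "address": "1 Sample Street", "ssn": "123-45-6789",
    "bank_account": "000123456789", "id_photo_ref": "doc-0001",
    "balance": "1520.33",
}

if __name__ == "__main__":
    print(view_for("support_agent", SAMPLE))
    monitor = AccessMonitor(daily_limit=2)
    for cid in ["c1", "c2", "c2", "c3"]:
        print(cid, monitor.record("agent7", "2025-01-01", cid))
```

Even if an agent with this view is bribed, the full identifiers are never in what they can copy, and the lookup counter gives monitoring a signal when one account opens far more customer records than support work needs.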