A Huge Crypto Exchange Has Been Breached: Here's How to See if Your Data Was Exposed

lokamoka820

Crypto exchanges are popular targets among cybercriminals. A huge crypto exchange has been breached, and while your money is safe, your personal data might have fallen into the wrong hands.

Rogue Support Workers Helped Breach Coinbase

Popular crypto exchange Coinbase has disclosed a data breach, claiming hackers "bribed and recruited" its support workers to steal customer data and scammed users into sending them money. The company's filing with the SEC adds that it received an email from the hackers on May 11, claiming they have information on "certain Coinbase customer accounts" and internal company documentation, including materials related to its customer service and account management systems.

The hackers targeted Coinbase's overseas customer support agents, using cash offers to let them copy data from the company's customer support tools for "less than 1% of Coinbase monthly transacting users." The goal was to collect a customer list to scam users into handing over their crypto assets via social engineering attacks. This isn't the first time Coinbase employees have been targeted either.

They also tried extorting the platform for $20 million, but Coinbase refused to pay up. In the end, the hackers were able to get away with the following data:
  • Personal information, including names, addresses, phone numbers, and emails.
  • The last four digits of saved Social Security numbers.
  • Masked bank account numbers and identifiers.
  • Government ID images.
  • Account data such as balance snapshots and transaction history.
  • Internal corporate data, as mentioned above.
The crypto exchange clarified that the stolen information doesn't include login credentials or 2FA codes, private keys, or any access to customer funds. All Coinbase Prime accounts are also untouched.

How Is Coinbase Responding?

The responsible agents were "fired on the spot," and Coinbase will be pressing criminal charges. In the meantime, the platform has set up a $20 million reward fund for any information leading to the arrest and conviction of the hackers. It's also working with industry partners and law enforcement to track and recover any lost funds.
 
Yeah, insiders selling customer access to scammers. This seems to be common in certain localities.

Limit shared information everywhere. Don't think any institution is privileged or hardened. Report, complain, or tell your rep if you can. After that, more or less, it is what it is.
 
The problem is you can't limit information when it's related to finances. KYC demands real-life information be handed over.

This is Coinbase's fault 💯. To save money on staff, they probably used offshore customer reps who were probably paid peanuts instead of paying acceptable wages to people inside the USA.

Even if they were USA-based, it doesn't excuse this behavior; they should have threat modeled it and put in precautions. I bet there are a lot of high rollers or whales upset over this 🤬.
 