TZUTC: -0500
MSGID: 1129.consprcy@1:2320/105 2c8c805b
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Personal information leaked in Coinbase cyberattack, cost could be $400
million

Date:
Fri, 16 May 2025 12:28:00 +0000

Description:
Hackers bribed Coinbase employees to obtain the data and later demanded a
ransom.

FULL STORY

Coinbase, one of the biggest centralized cryptocurrency exchanges in the
world, suffered a cyberattack which might cost it between $180 million and
$400 million. This is according to Reuters, citing a regulatory filing
submitted by the company earlier this week. 

The exchange said that on May 11, it received an email from an unknown threat
actor who claimed they obtained internal documents, and sensitive data about
certain customer accounts. Coinbase later confirmed these claims, saying that
only a small subset of customers were affected. 

The data stolen doesnt include login credentials or passwords , but Coinbase
did say it would reimburse anyone who gave their money to the attackers. To
obtain the files, the criminals allegedly paid multiple contractors and
employees who were working in support roles outside the US. 

Demanding ransom

The individuals involved were identified and subsequently fired. There is no
information on possible legal action against them. 

The attackers demanded a ransom of $20 million in exchange for the data, 
which Coinbase refused to pay. Instead, it is now offering that exact amount
of money - $20 million - as a bounty to anyone who comes forward with
actionable information regarding the hackers identities or whereabouts. 

Crypto is in a difficult position right now, trying to establish itself as a
legitimate industry, while being surrounded by theft, scams, crime, and
regulatory pressure. Just a few months ago, ByBit - another major
cryptocurrency exchange - was hacked, with North Korean cybercriminals 
walking away with $1.5 billion in different tokens. 

Earlier this May, Alex Mashinsky, the former CEO of the bankrupt crypto bank,
Celsius Network, was sentenced to 12 years in prison after pleading guilty to
securities fraud and commodities fraud, and recently - in broad daylight -
three individuals tried to kidnap the daughter of a crypto exchange CEO. 

At the same time, Reuters is reporting that the SEC took the opportunity to
investigate if Coinbase misstated user figures and if it has inadequate KYC
practices. Coinbase denied the probing, though. 

 Via Reuters

======================================================================
Link to news story:
https://www.techradar.com/pro/security/personal-information-leaked-in-coinbase
-cyberattack-cost-could-be-usd400-million

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426