Cryptocurrency exchange Coinbase disclosed that it expects to pay between $180-$400 million to compensate customers affected by a major data breach. In an SEC filing, the company stated that while private encryption keys remained secure, sufficient customer information was exposed to enable sophisticated phishing attacks by criminals posing as Coinbase personnel.
The data breach, detailed in Coinbase’s May 15 blog post, was not of Coinbase’s platform itself. It resulted from the bribing of offshore support contractors and staff who leaked customer contact details and limited account information, which included identity data such as passport details. Threat actors subsequently used this data to conduct targeted phishing campaigns, successfully deceiving some customers into providing account access credentials.
The company had detected these activities in the past months and promptly fired the staff or contractors involved. It also warned the clients whose details were compromised. Coinbase said its core systems remained secure, but acknowledged the significant customer impact from these secondary attacks.
Article continues …
Want the full story? Pro subscribers get complete articles, exclusive industry analysis, and early access to legislative updates that keep you ahead of the competition. Join the professionals who are choosing deeper insights over surface level news.
