Just last week, Coinbase — one of the largest cryptocurrency exchanges in the world — experienced a major data breach. This event resulted in billions of customer information being accessed without permission. The attackers were able to retrieve sensitive information, such as users’ names, addresses, phone numbers, and emails. This incident raises concerns regarding the security measures in place at the exchange and highlights the vulnerabilities associated with customer service operations.
The breach compromised personal contact information. It featured download links for 100 million masked Social Security numbers, bank account numbers, and images of government IDs such as driver’s licenses and passports. Then the attackers proceeded to read account data. One snapshot of the balance per account and transaction history were available to them. Extensive corporate data was affected, including internal scripts and training literature used by call center operators.
Attack Methods and Insider Compromise
According to Coinbase officials, the attackers used advanced bribery tactics to obtain sensitive customer data. They fought viciously against customer support agents located in India, who were the front lines of the company’s business process outsourcing arm. Philip Martin, a spokesperson for Coinbase, provided detail on how the attackers operated.
“What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data.” – Philip Martin
The breach was not that simple. It centered around a series of targeted bribery acts. It did not include anything about having ongoing access to that data for years. Coinbase vehemently disputes allegations that the hackers were provided with “virtually on-demand access” to user data.
“So there were a number of specific bribery incidents that this attack, that this threat actor is claiming credit for throughout the course of that time, but they did not have persistent access over the course of the entire period.” – Philip Martin
User Precautions and Company Response
In the wake of the breach, Coinbase has encouraged its users to use extra security measures. The firm advises users to turn on withdrawal allow-listing to limit withdrawal transfers to only addresses in a user’s address book. Enable two-factor authentication (2FA) to make your account more secure! Always be on the lookout for imposters who may attempt to convince you to wire money.
To address the repercussions of this incident, Coinbase has taken steps to reimburse customers who fell victim to social engineering attacks. To protect themselves, the company fired customer service agents whose credentials were compromised by the intruders.
“Criminals targeted our customer support agents overseas.” – Coinbase
Coinbase responded quickly to keep users informed about the breach. They assured us that sensitive data such as passwords and private keys, as well as our funds were not compromised.
“No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched.” – Coinbase