By Naveen Athrappully
Contributing Writer
The cryptocurrency exchange Coinbase was recently targeted in a hacking incident that led to the personal data of thousands of customers being stolen, the company said in a Thursday statement.
According to a March 31 filing with the Securities and Exchange Commission, Coinbase had 9.7 million monthly transaction users by the end of that month.
Since the company claims that less than 1% of MTUs have been impacted by the hack, the number of affected individuals could be around 97,000.
Hackers got access to names, addresses, phone numbers, emails, last four digits of Social Security numbers, masked bank account numbers and identifiers, government ID images such as driver’s licenses and passports, and account data such as balance snapshots and transaction history.
Hackers did not get access to login credentials or 2FA codes, private keys, customer funds and the ability to move these funds, Coinbase Prime accounts, Coinbase or Coinbase customer hot or cold wallets.
Following the revelation, Coinbase shares crashed by 7.2% on Thursday.
In a Wednesday filing with the SEC, Coinbase said it received an email communication from a threat actor on Sunday claiming to have obtained info about certain customer accounts and other details.
“The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access,” said the filing.
The hackers aimed to gather a list of customers to contact while impersonating Coinbase to trick them into handing over their crypto assets, the company said in its Thursday statement.
They also tried to extort $20 million from the company to cover up the situation.
However, Coinbase refused to pay and is cooperating with law enforcement in the investigation, said the Wednesday filing.
“To the extent any eligible retail customers previously sent funds to the threat actor as a direct result of this incident, the company intends to voluntarily reimburse them after it completes its review to confirm the facts,” it said.
“The company is also in the process of opening a new support hub in the United States and taking other measures to harden its defenses to prevent this type of incident.”
Crypto Losses
Coinbase has set up a $20 million reward fund for information that leads to the arrest and conviction of the hackers, said the company statement.
The insiders who worked with the criminals have been fired and referred to U.S. and international law enforcement, Coinbase said, adding it will press criminal charges against them.
The company warned that scammers linked to the incident could pose as Coinbase workers and seek to pressure customers into moving their funds.
“Remember, Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault, or wallet. We will never call or text you to give you a new seed phrase or wallet address to move your funds to,” it said while advising customers who receive such calls to hang up their phones.
Crypto theft has been rising over the past year. In the first quarter of this year, investors lost $1.67 billion worth of crypto in 197 incidents because of hacks, scams and exploits, blockchain security company CertiK said in an April 1 report.
This is more than 300% higher than the previous quarter. It is also more than two-thirds of the $2.39 billion stolen for the entirety of 2024.
Out of the $1.67 billion in losses, $1.45 billion was accounted for by just one single incident — the exploit of Bybit, the second-largest crypto exchange in the world. Bybit announced the breach on Feb. 21, saying the hack took place while the company was carrying out a routine crypto transfer.
The hack happened despite the fact that the transfer process involved multiple security checks and signatures.
Blockchain analysts tracked the attack back to the Lazarus Group, a cybercrime gang allegedly run by the North Korean government.
“The fallout from Bybit’s breach has since sent shockwaves throughout the industry, raising urgent questions about security measures at centralized exchanges, with many regulators and security firms calling for stronger protective measures,” said the report.
