Coinbase Tells Bitcoin Extortionists to Pound Sand After Insider Data Leak

Another day, another crypto firm staring down the barrel of a hack—only this time, the attackers had help from inside the house. Coinbase just confirmed it’s battling a $20M ransom demand following a data breach orchestrated by (you guessed it) a rogue employee. Because nothing says ’trustless system’ like an insider handing over the keys.

The kicker? The exchange isn’t blinking. While Wall Street would’ve probably folded faster than a cheap suit, Coinbase’s infosec team is treating the Bitcoin ransom like a bad meme coin—ignoring it into oblivion.

Cynical finance jab: At least this breach didn’t involve a ’decentralized’ project’s admin keys being stored in a Google Doc.

How Coinbase was breached

According to the exchange, the threat actors recruited and bribed a group of overseas support agents with access to its internal systems.

These insiders leaked sensitive data, which allowed the threat actors to impersonate Coinbase staff and carry out social engineering scams.

According to the firm, the compromised data included names, contact details, identity documents, and masked bank and social security information.

However, Coinbase stressed that its users’ login credentials, private keys, and Core infrastructure, including Prime wallets, remained secure.

Meanwhile, the company has terminated the compromised insiders and vowed to pursue legal action against them. It is also working with law enforcement agencies to investigate the breach.

Coinbase further announced that it will compensate affected users.

The attackers attempted to extort $20 million from the firm following the breach. However, Coinbase rejected the demand, stating:

“We will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”

ZachXBT’s connection

While Coinbase has not confirmed any direct links, blockchain investigator ZachXBT noted that the breach aligns with previous social engineering attacks he has reported.

In a response to the Coinbase announcement, ZachXBT said:

“Indeed there’s a lot of Coinbase user thefts I posted tied to the group.”

Over recent months, ZachXBT has detailed how Coinbase users have collectively lost hundreds of millions of dollars to elaborate phishing and impersonation tactics. He estimated that such scams cost the exchange users more than $300 million yearly.

However, Wintermute CEO Evgeny Gaevoy believed the current rigid regulatory frameworks allowed these attacks to flourish.

According to him:

“This is the dark side of the idiotic and nonsensical kyc/aml regime we live in. Making life marginally convenient for law enforcement and geopolitical games, while sacrificing our privacy, imposing a massive tax on pretty much all businesses, and making it easier for criminals to rob, kidnap and do crime.”