Coinbase says ‘rogue’ support agents helped steal customer data

Coinbase says cyber criminals “bribed and recruited” support workers to help steal customer data and trick victims into sending money to attackers. As a result of the attack, bad actors obtained the names, addresses, phone numbers, government IDs images, account data, and partial social security numbers of a “small subset of users,” according to a blog post on Thursday.

In a filing with the Securities and Exchange Commission, the crypto exchange said it received an email on May 11th from a threat actor who claimed they had information about certain Coinbase accounts. The bad actor demanded $20 million in exchange for not publicly exposing the information, but Coinbase refused to pay.

Coinbase is working with law enforcement to investigate the incident. It also “immediately terminated the personnel involved.”  The company “will press criminal charges.”

The crypto exchange notes that the attackers didn’t get login credentials, 2FA codes, or private keys, and weren’t able to access any Coinbase accounts or wallets. Coinbase says it could spend $180 million to $400 million repaying impacted customers. It’s also offering a $20 million reward to anyone who provides information leading to an arrest.

“Scammers — related to this incident or not — may pose as Coinbase employees and try to pressure you into moving your funds,” the company says in its blog post. “Remember, Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault or wallet.”