How an insider-led breach sparked a costly scam at Coinbase

Alliance DAO contributor Qiao Wang has detailed a sophisticated social engineering scam targeting Coinbase users amid the firm’s insider-led data breach incident.

In a May 15 post on social media, Wang revealed how attackers impersonate exchange staff using personal data obtained through a recent internal breach. Individuals contacted him, claiming to represent Coinbase and warning of a supposed compromise on his account before conducting identity verification steps. 

The impersonators requested details about account balances to prioritize high-value targets, then instructed victims to transfer assets to a Coinbase Wallet. 

Under the guise of assisting with wallet setup, the attackers provided a pre-generated seed phrase, giving them full control once the user moved the assets. 

Wang said he called the scammers out at the end of the call:

“I called them out at the end of the call telling them they need to step up their game cuz this scam is retarded. They told me [they] had made $7m that day.”

Personal security at risk

Coinbase disclosed earlier on May 15 that it experienced a data breach affecting less than 1% of its monthly active users. The incident, which the company said did not compromise login credentials or private keys, was traced to the bribing of a group of overseas customer support agents to leak sensitive data. 

Information included names, contact details, identity documents, and masked banking and social security data.

According to a statement, Coinbase terminated the involved insiders and is cooperating with law enforcement to investigate the breach. CEO Brian Armstrong confirmed that the attackers attempted to extort $20 million in Bitcoin from the company, a demand that Coinbase rejected. 

Instead, the firm is offering a $20 million reward for information leading to the perpetrators’ arrest. Coinbase also stated it will reimburse affected users.

Despite the reimbursement promises, Wang called for Coinbase to treat the potential exposure of users’ home addresses and government-issued IDs as a personal safety issue, which is worth “way more than loss of funds.”

Remediation costs up to $400 million 

In recent months, ZachXBT has attributed more than $300 million in annualized Coinbase user losses to similar social engineering operations, many of which involve impersonation, seed phrase extraction, and fund redirection.

In an accompanying Form 8-K filing with the US Securities and Exchange Commission (SEC) on May 15, Coinbase disclosed that it is still assessing the total financial ramifications of the security lapse. 

Based on current data, the company’s preliminary estimates place remediation costs and voluntary customer reimbursements between $180 million and $400 million.

Additionally, Coinbase reiterated in the document that it would not pay the ransom demanded by the attackers. The company stated it intends to pursue all legal avenues against the individuals responsible for the attack and is continuing its investigation into the full scope of the incident.

The post How an insider-led breach sparked a costly scam at Coinbase appeared first on CryptoSlate.