Coinbase Global does not plan to look at a ransom request of $ 20 million in pirates who have framed the information of the customers of international support agents, the company announced on Thursday.
Instead, Coinbase offers a reward of $ 20 million for information leading to the arrest and the conviction of these pirates, who welded “weak links” found on the Customer-Monn Customer Support team social media site X.
“Our assistance tools have limited access to customer information. There were (no) passwords or private keys or funds accessible as part of this, but customer support agents have access to personal information such as name, date of birth, address, etc., “said Armstrong. “The attackers always want access to this information because it allows them to carry out social engineering attacks, where they can call our customers, by usurping the identity of Coinbase customer support and try to encourage them to send their funds to the attacker.”
Cyber-incident comes in the middle of other important news for Coinbase. The New York Times said Thursday that the exchange was under investigation by the Securities and Exchange Commission for having allegedly destroyed the verified users. In addition, Coinbase announced Wednesday that it would join the S&P 500 on May 19 – the first exchange of crypto to do so.
Social engineering attacks, which circumvent technical defenses by manipulating people in the abandonment of private information, represents 70% to 90% of cyber attacks, according to the Cybersecurity Software Company Secure. Phishing via emails and false websites and SMISHING, a derivation that uses SMS, are common types of social engineering attacks.
Thanks to some “bad apples”, the information disclosed from Coinbase included names, addresses, telephone numbers and email addresses; Masked social security numbers; Masked bank account numbers; Driving and passport license photos; and the stories of balance and transactions, according to A business blog article.
The incident – that Coinbase learned from an e -mail of the striker on Sunday demanding a ransom – could cost the exchange between $ 180 million and $ 400 million, according to One file by the company Thursday with Commission of securities and exchange. This includes the costs of solving security and customer reimbursement problems.
Consequently, the company will move some of its customer support operations, in particular by opening a new assistance center in the United States Coinbase says that it is “first” and has no physical headquarters.
Coinbase ended all the staff involved in the incident and implemented increased fraud monitoring protections, according to the file, and informed customers whose information was potentially accessible.
“For these extremely extremely expanses or anyone looking to harm Coinbase customers, know that we will continue and reflect you in court,” said Armstrong in his video on X.
Regarding the SEC investigation, the legal director Paul Grewal made this declaration to the bank diving in an email: “This is an investigation to maintain the previous administration on a metric that we stopped reporting two and a half years ago, which was entirely disclosed to the public.”
“We have explained that the metric of verified users includes anyone who checked their email address or phone number with us, so it can overestimate the number of unique customers,” added the press release.
“We have also disclosed – and continue to disclose – the most relevant metric of” monthly users ” – the number of people who use our platform in a given month,” said Grewal. “Although we firmly think that this investigation should not continue, we remain determined to work with the dry to put an end to this affair.”
Cornerbase first trimester deposit Indicates that the company has 9.7 million MTU. By this metric, the Sunday cyber-incident affected up to 97,000 people.
In February, the SEC said that she had entered into an agreement with Coinbase to abandon a civil action against society after a regulatory change in the Trump administration. This trial in 2023 brought by the Federal Agency under the Biden Administration, revolved around registration requirements.
