According to the exchange, the threat actors recruited and bribed a group of overseas support agents with access to its internal systems.
These insiders leaked sensitive data, which allowed the threat actors to impersonate Coinbase staff and carry out social engineering scams.
According to the firm, the compromised data included names, contact details, identity documents, and masked bank and social security information.
However, Coinbase stressed that its users’ login credentials, private keys, and core infrastructure, including Prime wallets, remained secure.
Meanwhile, the company has terminated the compromised insiders and vowed to pursue legal action against them. It is also working with law enforcement agencies to investigate the breach.
Coinbase further announced that it will compensate affected users.
The attackers attempted to extort $20 million from the firm following the breach. However, Coinbase rejected the demand, stating:
“We will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”
“Indeed there’s a lot of Coinbase user thefts I posted tied to the group.”
According to him:
“This is the dark side of the idiotic and nonsensical kyc/aml regime we live in. Making life marginally convenient for law enforcement and geopolitical games, while sacrificing our privacy, imposing a massive tax on pretty much all businesses, and making it easier for criminals to rob, kidnap and do crime.”