The popular crypto exchange said ‘less than 1pc’ of monthly users were affected.
Popular US cryptocurrency exchange Coinbase has been hit by cybercriminals, who posed as employees of the company to trick customers into handing over funds. The company estimates up to $400m in losses stemming from the attack.
Coinbase, which claims to have more than 100m customers, said that the bad actors used cash to bribe a “small group of insiders” for customer data, which was then used to trick “less than 1pc” of its monthly transacting users.
As a result of the ruse, the cyber criminals gained access to sensitive customer information, including addresses, part of their social security and bank account numbers, and images of driver’s licenses and passports.
Although, the hackers did not get any login credentials, private keys or any ability to access or move customer funds, the company said.
Coinbase claims that the bad actors used this data as ransom to try to extort $20m from the crypto exchange, but it refused to pay out.
Instead, the company said that it will reimburse customers who were tricked into sending funds, with affected accounts now requiring additional ID checks on large withdrawals. These accounts will also receive mandatory scam-awareness prompts.
According to the company, the involved insiders have been fired and notified to law enforcement in the US and internationally. Coinbase intends to press criminal charges.
Moreover, Coinbase has announced a $20m reward fund for information leading to the arrest and conviction of the attackers.
The company has also tagged the attackers’ crypto wallet addresses to allow law enforcement authorities to track and recover stolen assets.
Earlier this week, UK retailer Marks and Spencer revealed that some of its customers’ personal data was stolen during an April cyberattack. Although, it claimed that no payment details or passwords were included.
Still, cyber experts warn that compromised contact details can be a threat to affected customers as they can be sold to other malicious actors.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
