(Bloomberg) – On the long list of cryptographic companies that have been hacked, there are many examples of financial losses which are much more painful than what Coinbase Global Inc. seems to face the attack she disclosed on Thursday.
Most of Bloomberg
However, it is distinguished by an importance far beyond the $ 400 million that the company expects it to cost: this time, the victim was undoubtedly the most influential American company in the industry.
Coinbase is the company that directed the market of the digital asset industry in the consumer financial system as the first exchange of the stock market on the stock market. It is the company that protects the share of the lion of 122 billion dollars in tokens belonging to funds negotiated on the SPOT-BITCOIN stock exchange. And it was the cabinet that has done much of the working hours with regard to the industry campaign campaign campaign to send a peloton of Pro-Crypto legislators to Washington this year.
Indeed, the revelation of hacking comes only three days after the completion of the company in the collection of the class of digital assets with its addition to the S&P 500 index, a development which will win its shares in dollars of retirement plans and other investment products which will follow the reference gauge. Piracy, as well as subsequent news of a persistent SECURITIES and Exchange Commission survey on how the company reported its number of users, reduced shares by more than 7% on Thursday.
While the Company says that the Coinbase Prime service which kept the crypto for issuers and services ETF of other institutional investors was not affected, the hackers had an almost constant access to some of the data from the most precious customers of Coinbase Global Inc. since January, according to a person familiar with the incident that asked not to be named the company.
The pirate program was cheeky, if not particularly impressive from a technological point of view: they welded customer representatives to steal customer data, and then asked for a ransom of $ 20 million to delete it. Coinbase began to notice an unusual activity of some of these representatives in January, confirmed the company in an interview with Bloomberg News.
Sudoyed representatives had access to names, birth dates, addresses, nationalities, identification numbers issued by the government, certain banking information as well as details on the moment when customer accounts have been created and their sales, depending on the person familiar with the situation. This information could be used to try to identify Coinbase and convince customers to leave the pirates in their account. It could also be used to usurp the identity of the victims with other service providers to try to convince them to leave the hackers in other financial accounts they maintain.
For some traders with large sales on the stock market, the incident was alarming for reasons that exceed potential financial losses, given the removal and mutilation of a co-founder of Startup Crypto earlier this year and reports of other similar incidents.
“This is a major violation, the amount of personal information shared is amazing,” said Mike Dudas, director of the company web3 6MV, who said he had been targeted by the Coinbase pirates. “This will force people to consider their personal physical security, especially with things that happen in France and elsewhere.”
The hackers had welded enough customer service representatives to obtain access to the Corbase customer information effectively in the past five months, the person said. The director of chief security of Coinbase, Philip Martin, challenged the assertion of an almost constant access, affirming in an interview with Bloomberg News that the company had drawn the access of the agents as soon as it was discovered that they did not share the information. Consequently, the pirates “had not had persistent access during the whole period,” he said.
“What these attackers were doing was finding Employees and Entrepreneurs de Coinbase based in India who were associated with our outsourcing or support for business processes, this kind of thing, and welding them in order to obtain customer data,” said Martin.
Coinbase detected the agents, put them in quarantine and drawn them, as soon as the company noticed the activity.
“There have therefore been a certain number of specific corruption incidents that this attack, that this threat player claims credit throughout this time, but they did not have persistent access during the whole period,” he said.
The pirates had access to this data as recently as Wednesday, the person familiar with the incident. Martin said, “We have no reason to believe that it is true” but could not “prove a negative”.
Bloomberg News is aware of an accessible to notable and high net value data, which Bloomberg does not disclose for reasons of confidentiality.
David Jeong, founder of Crypto in New York, said that he had received a text from an unidentified number on April 3, in which he had been invited to check the connection on his personal account. He then received another text from another number on May 4. Jeong said he hadn’t used a single Coinbase password for two years.
Coinbase said in a regulatory file that he had received an anonymous e-mail of pirates requesting their ransom on May 11. He added that in the months preceding this email, he had detected cases of customer support agents outside the United States of data collection from internal systems. Last weekend, some premium customers received emails suggesting that their information had been accessible.
“At Coinbase, we actively monitor our systems to ensure that customer information is only accessible when necessary and in accordance with our strict security standards. We wanted to let you know that we have detected the activity suggesting that the information relating to your account can be consulted in a way that is not aligning with our internal policies,” said the company during a customer email. “Information did not imply your password, your sentence sentence or any other information that would have enabled someone to access your account or your funds directly.”
In the email, Coinbase recommended that customers make sure that they “follow your account regularly, using a strong and unique password”.
Less than 1% of the monthly exchange users of the exchange were affected, said Coinbase on Thursday. In addition to moving security checks for people affected, Coinbase said it would fully reimburse anyone who has lost money. Instead of paying the ransom, the exchange offers a bonus of $ 20 million to anyone with information leading to the arrest and the condemnation of the attackers.
The hacks have long tormented the cryptography industry, thanks to its strong dependence on user anonymity and complex digital software. About 2.2 billion dollars were lost for such incidents in 2024, according to researcher Chainalysis. Operating under the threat of attack was particularly painful for the exchanges of cryptography, which are often major targets and face high costs to maintain close security.
This type of so -called social engineering attack – in which criminals use people to obtain unauthorized access to data, rather than exploiting defects in the IT code – is a type of threat has become more and more popular in crypto, which leads to recent major incidents such as the hacking of 1.5 billion dollars of backpaying backing in February. With a price of $ 400 million to cover the cost of reimbursement of users, among other costs, the incident ranks like the eighth largest hack of hacking of all time, according to elliptical data.
“Unfortunately, as our emerging industry develops quickly, it attracts the eye of bad players, who become more and more sophisticated in the context of their attacks and exploit new AI tools and techniques to bypass fraud prevention measures,” said Nick Jones, founder and CEO of the Zumo cryptographic technology platform. “It is naturally a hard blow for a company that had a few weeks a few weeks.”
Meanwhile, the New York Times reported that the Securities and Exchange Commission studied if Coinbase had resulted in its number of users in the disclosure within the framework of an investigation which started during the Biden administration.
“This is an investigation to maintain the previous administration on a metric that we stopped reporting two and a half years ago, which was entirely disclosed to the public,” said Paul Grewal, Coinbase Legal Director, in a statement. “Although we firmly think that this investigation should not continue, we remain determined to work with the dry to put an end to this affair.”
– With the help of Muyao Shen and Olga Kharif.
Most of Bloomberg Businessweek
© 2025 Bloomberg LP
