The highly organized breach of Coinbase (COIN) last week left more questions than answers.
While some praised Coinbase’s response as a “really great example” of crisis handling, the breach has now created a potentially massive privacy problem that echoes the 2021 Ledger data breach, which led to a series of real-world robberies once criminals could get hold of the names and addresses of crypto holders. Coinbase has already acknowledged that its customers may have lost about half a billion U.S. dollars as a result of the breach.
The cybercriminals gained access to Coinbase users’ data by bribing and persuading Coinbase employees to share it, but this was entirely preventable, according to numerous experts who spoke with CoinDesk.
“A fail-proof system would make data theft technically impossible, but Coinbase clearly did not prioritize these measures, leaving the door open,” said Andy Zhou, co-founder of blockchain security firm BlockSec.
Allowing these criminals to access personal data, whether through a hack or, in this case, social engineering, is a serious blight on an exchange that facilitates billions of dollars in volume every day. The breach created a myriad of problems, including for user privacy and trust. How could Coinbase, a publicly listed company, let attackers steal personal information and money through the front door? And could it have been avoided?
Hacket Communications CEO Heather Dale praised Coinbase’s response as a “master class in communication,” but Coinbase’s method of addressing the problem was simple: throw money at it.
The exchange offered a $20 million bounty to anyone providing information that leads to an arrest or prosecution. It also pledged to voluntarily reimburse affected users, at a cost of between $180 million and $400 million.
What happened?
Before looking at the consequences of the breach, it is important to understand how it happened at a publicly listed company that spends millions of dollars a month on security infrastructure.
In February, the detective ZachXBT reported an increase in thefts involving Coinbase users. He said it was “the result of aggressive risk models and Coinbase’s failure to prevent its users from losing $300 [million] per year to social engineering scams.”
The fear of cybercriminals stealing hundreds of millions of dollars became a reality last week when Coinbase published a blog post revealing that account balances, government ID images, phone numbers, addresses and masked bank account details had been stolen.
Unlike other hacks and breaches, which involve attackers exploiting a flawed back end, these attackers walked in through the front door, communicating directly with Coinbase employees and buying access to information from rogue insiders. Coinbase said it fired all the employees responsible on the spot, although the blog post did not disclose how it identified them.
The problem, however, is not limited to crypto. In 2022, digital bank Revolut confirmed that 50,000 customers’ data sets were stolen, while a year later the trading platform Robinhood had up to 5 million email addresses leaked. The latter was fined $45 million by the SEC after the breach, once it emerged that some of the affected customers had been targeted.
The BBC reported in October that one Revolut user lost £165,000 ($220,000) after a data breach, and that the neobank’s fraud detection system prevented £475 million in fraudulent transactions in 2023.
Coinbase competitors Binance and Kraken said they managed to fend off similar social engineering attacks in recent weeks.
Coinbase CEO Brian Armstrong also posted a video on X last week, saying he had received a “ransom note” demanding $20 million in bitcoin in exchange for the attackers not publishing the information they claimed to have obtained on Coinbase customers.
ZachXBT added on Thursday that the attackers had begun obfuscating the stolen funds by swapping BTC for ETH on THORChain, a venue often used by North Korea’s infamous Lazarus Group of hackers.
‘Major Wake-Up Call’
Andy Zhou, co-founder of blockchain security firm BlockSec, told CoinDesk that Coinbase should have run “stricter background checks on employees handling sensitive data” and set up “alarms for strange activity,” such as someone suddenly downloading thousands of customer profiles.
Zhou added that Coinbase should have implemented several technical safeguards. These include strict role-based access, meaning employees only see the data they need, and privacy tools that let staff work without exposing raw details (for example, blurred ID photos).
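The two controls Zhou describes, role-based field access and an alarm on an employee suddenly pulling thousands of customer profiles, as an added example run over constructed audit-log lines. This is illustrative code written for this article, not Coinbase’s or BlockSec’s; the role names, fields, log format and threshold are all assumptions.

```python
# Added example (not Coinbase's or BlockSec's code): insider-access monitoring over
# constructed audit-log lines of the form "ts,employee,role,customer_id,field".
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical least-privilege map: which customer fields each role may view.
ROLE_FIELDS = {
    "support_tier1": {"email", "account_status"},
    "support_tier2": {"email", "account_status", "address"},
    "kyc_reviewer": {"email", "address", "id_image", "masked_bank"},
}
BULK_THRESHOLD = 50          # assumed: distinct customers per window before alerting
WINDOW = timedelta(hours=1)  # assumed: sliding window for the bulk-access alarm

def parse_line(line):
    """Parse one audit-log line into a dict with a datetime timestamp."""
    ts, emp, role, cust, field = line.strip().split(",")
    return {"ts": datetime.fromisoformat(ts), "employee": emp,
            "role": role, "customer": cust, "field": field}

def check_rbac(events):
    """Return (employee, field, customer) for every view the role is not allowed."""
    return [(e["employee"], e["field"], e["customer"]) for e in events
            if e["field"] not in ROLE_FIELDS.get(e["role"], set())]

def detect_bulk_access(events, threshold=BULK_THRESHOLD, window=WINDOW):
    """Alert when one employee views more than `threshold` distinct customers
    within any sliding `window`; returns {employee: peak distinct count}."""
    by_emp = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_emp[e["employee"]].append(e)
    alerts = {}
    for emp, evs in by_emp.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # drop events that fell out of the window
            distinct = {e["customer"] for e in evs[start:end + 1]}
            if len(distinct) > threshold:
                alerts[emp] = max(alerts.get(emp, 0), len(distinct))
    return alerts

# Constructed sample: alice does normal tier-1 work; bob (tier 2) sweeps 60 profiles
# in ten minutes and then opens an ID image his role does not permit.
SAMPLE_LOG = [f"2024-12-01T09:{i:02d}:00,alice,support_tier1,c{i:03d},email" for i in range(5)]
SAMPLE_LOG += [f"2024-12-01T10:{i // 6:02d}:00,bob,support_tier2,c{100 + i},address" for i in range(60)]
SAMPLE_LOG.append("2024-12-01T10:11:00,bob,support_tier2,c160,id_image")

def run(lines=SAMPLE_LOG):
    """Return (rbac_violations, bulk_alerts) for the given log lines."""
    events = [parse_line(line) for line in lines]
    return check_rbac(events), detect_bulk_access(events)
```

Running `run()` on the sample flags bob’s single out-of-role ID-image view and a peak of 61 distinct customers inside one hour, while alice’s five lookups trigger nothing.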
Nick Tause, principal security automation architect at Swimlane, told CoinDesk that the breach should be a “major wake-up call” for robust insider threat detection.
“As outsourcing scales and operations span time zones, insider threat detection and access governance cannot be an afterthought. A single individual with the right access, or in this case the wrong incentives, can punch a hole in even the most fortified security posture. Because, as this breach shows, it only takes 1% of the customers to breach 100% of the directors.”
However, not everyone is piling on Coinbase.
Michal Pospieszalski, CEO of MatterFi, said “it is not a Coinbase problem, it is a systemic vulnerability that has plagued crypto since day one.”
He argued that the nature of sending crypto without an intermediary means every platform is one misstep away from disaster.
Hackers need to engineer a situation that can trick users into sending their funds in an irreversible transaction. In Coinbase’s case, the attackers obtained personally identifiable information from a dishonest employee.
The root problem, according to Pospieszalski, is that users do not know whether they are sending funds to the right recipient, adding that crypto runs on a “trust me, bro” model of identity verification, and that is not sustainable.
What happens next?
Coinbase said it would voluntarily reimburse customers who lost funds in the breach and continue working with law enforcement to catch those responsible. But for users, the road ahead is darker.
The exchange said in a regulatory filing on Wednesday that the breach hit 69,461 customers. The filing also noted that the breach took place in December 2024 and was not discovered by Coinbase until May 15.
Those details are out on the internet now, and may even be up for sale on the dark web and in shady Telegram groups. After the Ledger breach, customer details were published on RaidForums, a notorious data-sharing platform, which led to a spike in phishing attempts.
Unfortunately, there is nothing Coinbase can do to stop this leaked information from being shared, leaving affected users to put as many safeguards in place as they can. These include moving to new wallets, changing exchange deposit addresses and even moving house to avoid the risk of real-world robberies. Users whose social security numbers were leaked should also freeze their credit to prevent identity theft.
It may be cumbersome, but as seen earlier this year in the kidnapping attempt on Ledger co-founder David Balland (and several others in recent weeks), criminals will not stop until they extract the maximum amount of funds, even if that means inflicting brutal acts of violence.
This also raises a possible legal question: if a Coinbase customer were robbed or attacked because of the data breach, would Coinbase be liable? Ledger could not escape a proposed class action earlier this year, with the plaintiffs claiming that Ledger violated its privacy policy and should have had measures in place to prevent the breach.
Crypto researcher Molly White also pointed out that Coinbase changed its user agreement in April, adding two clauses that limit class action lawsuits and require suits to be filed in New York, with the changes taking effect on May 15, the same day the breach was announced.
Coinbase responded to CoinDesk about White’s claims, stating that the exchange had “notified customers well in advance” about the user agreement change and that it had had a class action waiver for “years.”
However, Coinbase did not comment on questions about whether the breach was preventable or how it will safeguard customers who could be at risk of real-world robberies in the future.
Read more: Market reaction to Coinbase hack ‘overblown,’ analysts say, as SEC probe sinks the stock