Cyber criminals bribed and recruited a team of ruthless support agents abroad to steal Coinbase customer data to facilitate social engineering attacks. These trusts abused their access to customer support systems to steal account data for a small customer subset.
No password, private keys or funds exposed and the primary Coinbase accounts are untouched.
Coinbase said today that he would compensate customers who were cheated on the mission to the attacker. The company is working closely with the law enforcement to pursue the toughest penalties that are possible and will not pay the issue of the $ 20 million wolves it has received.
Instead, it creates a $ 20 million reward fund for information leading to the arrest and conviction of criminals responsible for this attack.
What did the criminals get
- Name, Address, Phone and Email
- Social Security mask (only 4 digits)
- Mask Bank Account Numbers and certain bank account IDs
- Government Identity Images (eg driving license, passport)
- Account Data (balance snapshots and trading history)
- Limited corporate data (including documents, training material and communications available for support agents)
What did they not get
- Connecting credentials or 2FA codes
- Private keys
- Any ability to move or access to customer funds
- Access to Coinbase Primary Accounts
- Access to any Coinbase or Coinbase Hot or Cold Wallets.