The ghost of a data leak refuses to leave Coinbase, it seems.
The company, already troubled by the ripple effects of the fall of the FTX exchange and Bittrex, gave assurances in February that no customer data was leaked in the Coinbase cyber attack that came to light that month. Security researchers and industry insiders say otherwise.
Troy Hunt, creator of Have I Been Pwned?, flagged an unconfirmed claim that Coinbase data had been leaked, including “personal information, addresses, phone numbers, emails”. It is unclear whether the data is about employees or customers.
Replying to a tweet by internet entrepreneur Grey Jabesi, which suggested that this may be data sold by the company, the official Coinbase Support account said that the company was not selling user credentials to third parties.
Coinbase cyber attack explained
In February, Coinbase disclosed that the login credentials of a Coinbase employee were compromised by an unknown individual who attempted to gain unauthorized access to the company’s systems.
The attacker employed a phishing technique to target several Coinbase engineers on February 5, sending them SMS alerts urging them to access their company accounts to read an important message.
One employee fell for the scam and provided their credentials, after which they were directed to ignore the message.
“What happened next was that the attacker, equipped with a legitimate Coinbase employee username and password, made repeated attempts to gain remote access to Coinbase,” said the company disclosure.
“The attacker was unable to provide the required Multi Factor Authentication (MFA) credentials – and was blocked from gaining access.”
Despite the Coinbase cyber attack, customer data and funds remained unaffected, and only contact information belonging to some Coinbase employees was obtained by the attacker, the company said at the time.
“Fortunately, no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers,” the Coinbase statement said.
Coinbase cyber attack: Facts and rumors
What triggered the current fears is data, supposedly belonging to Coinbase, being circulated on the dark web.
“There were noises in multiple forums and chat groups about a data breach related to Coinbase a year before. The data leak impacted more than 200K customers,” tweeted threat intelligence service Falcon Feeds.
In October 2021, Coinbase sent out breach notification letters to thousands of its users after over 6,000 accounts were compromised and funds were stolen.
The breach was first detected in early April 2021, when Coinbase’s security team noticed an unusual amount of account activity.
Upon investigation, it was discovered that a group of hackers had gained access to Coinbase’s internal systems and were able to bypass its security measures.
The hackers then proceeded to initiate unauthorized transactions from the affected accounts, siphoning off millions of dollars in cryptocurrency funds.
Coinbase said at the time that it had taken steps to address the issue, including freezing affected accounts and launching an investigation into the incident.
The company has also pledged to fully reimburse any customers who have lost funds as a result of the breach.
“We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost,” said the letter.
Coinbase CEO Brian Armstrong has publicly apologized for the breach and promised to implement additional security measures to prevent similar incidents from happening in the future.