CryptoScam

Cryptocurrency giant Coinbase is facing a serious data breach scandal. According to a Reuters investigation, the exchange was aware of a major data leak as early as January 2025, yet only went public in May—after receiving a ransom threat.
The incident involved customer support agents from Indian-based outsourcing firm TaskUs, some of whom were allegedly bribed by hackers to leak user data. Coinbase now estimates the breach could cost the company up to $400 million, and it faces a federal lawsuit and regulatory scrutiny.

Internal Warnings Months Before Public Disclosure
Sources close to the matter revealed that Coinbase was alerted in January when a TaskUs employee in India was caught photographing sensitive data on a work computer using her personal phone. The employee and an alleged accomplice were bribed by hackers, who used the stolen data in social engineering attacks targeting Coinbase users.
Following the incident, over 200 TaskUs employees were let go from the Indore office, prompting local media attention. Yet Coinbase didn’t go public until May 11, after it received a $20 million ransom demand.

A Campaign Fueled by Outsourcing and Weak Security
Coinbase had long worked with Texas-based TaskUs to cut costs by offloading customer support to low-wage countries like India. Since 2017, TaskUs agents had been handling Coinbase customer queries, often earning just $500 to $700 a month—a low enough salary to make them vulnerable to bribery.
After the breach came to light, Coinbase cut ties with the affected TaskUs staff and other unnamed international vendors. The exchange said it had notified regulators, reimbursed affected users, and strengthened its internal controls.

Hackers Used Social Engineering to Scam Users
Coinbase wallets themselves weren’t hacked. Instead, attackers used stolen personal data to impersonate Coinbase support agents, convincing victims to voluntarily transfer their crypto assets. The scams were highly convincing, with attackers speaking fluent North American English.
The attack has been linked to a loosely organized group known as “Comm”, composed of young but skilled hackers. A Fortune report revealed that members had specialized roles: some bribed insiders, others executed the scams. The group used platforms like Telegram and Discord to coordinate and split the profits.

Coinbase Presses On Despite the Breach
Despite the severity of the incident, Coinbase continues to grow. The company was recently added to the S&P 500 index and has announced a strategic acquisition. CEO Brian Armstrong reaffirmed his vision to make Coinbase a global leader in financial services over the next decade.

A Broader Wake-Up Call for Crypto
According to Chainalysis, crypto-related hacks exceeded $2.2 billion in damages in 2024. The Coinbase case highlights the escalating risks of outsourcing and the growing sophistication of attackers in the world of digital finance.

#coinbase , #Cryptoscam , #CyberSecurity , #CryptoNewss , #StaySafe

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Another serious security breach has shaken the crypto world. The Nervos Network has fallen victim to an exploit after attackers took control of its cross-chain bridge Force Bridge, leading to the theft of approximately $3 million in digital assets.

Attackers Took Over Force Bridge and Laundered the Funds
According to initial reports, an unknown attacker managed to seize control of the Force Bridge—used to connect different blockchains within the Nervos ecosystem. After gaining access, they moved the assets to Ethereum and laundered them through the privacy tool Tornado Cash.
This tactic made it nearly impossible to trace or recover the stolen funds—Tornado Cash is specifically designed to obfuscate transaction trails.

Magickbase and Cyvers Sound the Alarm
The first warning came from Magickbase, a developer of desktop wallets integrated with Nervos. In a post on X (formerly Twitter), the team reported suspicious activity on Force Bridge and immediately shut down related services as a precaution:
“We detected abnormal activity on #ForceBridge and proactively paused the service. Our team is investigating the situation.”

Blockchain security firm Cyvers Alerts followed up with a detailed analysis, confirming that a suspicious address had taken over the bridge and initiated unauthorized transfers from the Nervos network.

Tornado Cash Used as a Laundering Tool
The attacker moved the stolen assets to Ethereum and began funneling the funds through Tornado Cash—a crypto “mixer” that hides transaction origins and destinations. This method of money laundering has become increasingly common among cybercriminals, and once the funds enter Tornado, recovery becomes nearly impossible.

A Growing Threat Across the Blockchain Space
Unfortunately, this isn’t an isolated case. Cross-chain bridges—technologies meant to connect different blockchain ecosystems—have become one of the most targeted components in crypto infrastructure.
Just in the past year, we've seen similar exploits affect the Ronin Bridge, Binance Bridge, Orbit Chain, Socket, and more, costing users millions of dollars.
The Force Bridge was part of Nervos Network’s broader vision of secure and scalable blockchain interoperability. The network has long been praised for its hybrid model that combines Bitcoin’s UTXO system with smart contract functionality. In a 2024 report, Messari even named Nervos CKB a potential breakthrough platform in blockchain programmability.
However, this breach highlights the harsh truth: even technically advanced networks are only as secure as their weakest component.

Tornado Cash: Privacy Protector or Criminal Gateway?
This incident also reignites the ongoing debate around tools like Tornado Cash. While proponents argue it provides privacy benefits to regular users, criminals continue to exploit it to clean massive amounts of stolen funds.
Given the increasing frequency of such events, it's likely that regulatory pressure on privacy-focused tools will continue to intensify.

#Cryptoscam , #CyberSecurity , #NervosNetwork , #BlockchainSecurity , #TornadoCash

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“