According to Foresight News and a report by Fortune magazine, Coinbase disclosed a data breach where criminals bribed overseas customer service staff, resulting in the leak of certain records including customer addresses, phone numbers, government ID documents, and some bank and social security records. The company stated that the stolen data (excluding login credentials or wallet access) accounts for less than 1% of monthly active trading customers. According to Coinbase's latest financial report, this means that fewer than 84,000 customers are affected. Coinbase's Chief Security Officer Philip Martin stated in an interview with Fortune magazine that all the dismissed customer service staff worked in India. This suggests that the bribing scammers are likely Indian citizens, although this has not been confirmed.
Criminals attempted to extort Coinbase, demanding $20 million in Bitcoin in exchange for not disclosing details of the data theft. The criminals used this data to carry out social engineering scams against Coinbase customers, impersonating company employees to trick them into revealing account information. Coinbase did not disclose how many customers fell victim, but stated that it will compensate all affected customers. In this regard, Coinbase announced that it will pay $20 million to whistleblowers who provide tips that help capture and convict the criminals. The company stated that whistleblowers can use the email [email protected] and mentioned that it is working with U.S. and international law enforcement to track down the criminals.
