🟠Welcome to the dark side of Web3 customer support. Hackers bribed Indian-based Coinbase contractors and got access to sensitive user data—names, emails, phone numbers, masked bank info, and even ID photos. The prize? A fat ransom demand of $20M.
🟠#coinbase didn’t flinch. Instead of paying, they fired the compromised agents, reported the attack to law enforcement, and offered a reverse bounty: $20M for info leading to the hackers’ arrest.
🟠The damage? Less than 1% of users compromised—but the fallout is real. Coinbase expects to shell out $180M to $400M in reimbursements, fraud protection, and legal cleanup. And yes, its stock dipped hard right before they’re due to enter the S&P 500.
🟠The kicker? Victims got calls pretending to be from Coinbase. #scammers had their data and told them to "verify" info or move funds to a fake "self-custody wallet." One hacker bragged: “We made $7M today.”
🟠Meanwhile, regulators are circling. The SEC is probing Coinbase (again), this time over allegedly inflated user stats from their IPO era.
💭 Lesson? OPSEC isn’t just on-chain. Vet your support vendors like your validators. And never trust a DM asking for your seed. Coinbase survived this round. But the bigger question: who’s next?
