Coinbase 8K SEC filing for breach
12 comments
May 16, 2025 · mafriese
lm28469
> • Name, address, phone, and email;
> blackmail each individual user
Blackmail would be the least of my worries, in France we had at least five kidnappings/attempted kidnappings related to crypto investors since the beginning of the year.
bambax
Yes that's true but it's weird they only focus on crypto investors' families? There are many rich people in France, what's the deal with cryptobros?
rglullis
It's easier and faster to send the money without having to go to the bank.
paranoidrobot
Because it's easier to move crypto than physical cash.
silisili
> the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs
Hopefully companies take this as a lesson about bottom dollar outsourcing your CS.
For those amounts, they could afford to have hired regionally local support agents, and paid them well over industry standard...
thephyber
But do they consider it a CS risk or a business-wide risk? Is there any role at Coinbase that isn't susceptible to insider risk? I would argue they would treat it as a security department / business risk issue and not a CS-only issue.
Onshoring CS and paying some more for that role may result in a net change of 0 risk (e.g. the same possibility of a breach over the same time interval).
Would a lower-class (for that region) Alabama man have less susceptibility to insider risk than a middle-class (for that region) Filipino man?
Most likely, the company will focus on better segmentation and better adherence to least permissions for all roles.
Also, your logic is clouded by the fact that you know it happened. In all aspects of security/cybersecurity, risk is incredibly difficult to calculate because you have to accurately know how much a counterfactual would cost in order to accurately choose one option over the other.
rschiavone
HA! Good one. They won't.
soco
The global trend is racing to the bottom, so even if they could, every business consultant or MBA would push them to rather put more AI agents instead. Because that's all that matters (to them). Did anybody learn anything out of this? Of course not.
asim
Assuming they will have to inform the individuals whose data was actually breached/taken? Or is this basically the entire customer base? In which case that is VERY bad.
Flex247A
Just when it was included in S&P500 :(
coinbased2
> The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities
Based on the information present in the breach, I think it's likely that the source was their customer support in the Philippines. Monthly salary is usually < $1000/month (entry-level probably even less than $500) and a $5000 bribe could be more than a year's worth of money, tax-free. Considering the money you can make with that dataset now, this is just a small investment.
> • Name, address, phone, and email;
> • Masked Social Security (last 4 digits only);
> • Masked bank-account numbers and some bank account identifiers;
> • Government-ID images (e.g., driver's license, passport);
> • Account data (balance snapshots and transaction history); and
> • Limited corporate data (including documents, training material, and communications available to support agents).
This is every threat actor's dream. Even if you only had email addresses and account balances, this is a nightmare. Instead of blackmailing the company, you can now blackmail each individual user. "Send me 50% of your BTC and I won't publish all of your information on the internet". My guess is that we will have a similar situation like we had with the Vastaamo data breach...
https://en.wikipedia.org/wiki/Vastaamo_data_breach