←back to thread

Coinbase says hackers bribed staff to steal customer data, demanding $20M ransom

(www.cnbc.com)
410 points gpi | 1 comments | 15 May 25 15:52 UTC | HN request time: 0.205s | source
Show context
thepasswordis ◴[15 May 25 16:40 UTC] No.43996769[source]
The problem is that it seems like the data that leaked is also the data that would be used to do account recovery.

And what that means is that

1) If you lose access to your account (through either your own fault, or coinbases fault) that the process of recovering it may not be so straightforward anymore.

2) Hackers can try to “recover” accounts now using this leaked info.

This is a huge problem. What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

The only solution here is: hardware 2 factor like yubikeys.

replies(9): >>43996798 #>>43998374 #>>43998426 #>>43999299 #>>43999324 #>>43999430 #>>43999499 #>>43999782 #>>44001348 #
piva00 ◴[15 May 25 16:43 UTC] No.43996798[source]
> What coinbase needs are IRL offices where you can go and do things like account recovery, and where people trying to steal money can be caught and prosecuted (and makes a huge barrier for the overseas thieves who are usually doing this)

That's just a bank.

replies(3): >>43996827 #>>43997006 #>>43997941 #
lovich ◴[15 May 25 18:37 UTC] No.43997941[source]
Watching crypto enthusiasts run into every problem that society already tackled with in the past when developing currency and its controls, and then coming up with solutions that look exactly the same as what dirty fiat currency uses, has been a source of much entertainment the past few years
replies(5): >>43998063 #>>43998367 #>>43998832 #>>43998852 #>>43999920 #
PinkSheep ◴[15 May 25 22:18 UTC] No.43999920[source]
> every problem that society already tackled with in the past

More KYC creates more problems while solving some others. Why didn't the same society despite KYC/AML tackle the problem pointed at in a previous comment? "Florida teens kidnap Las Vegas man, drive him to Arizona desert, steal $4M in cryptocurrency"[1] Why is there this crime?

Without mandatory KYC laws, this particular attack would be near pointless. No name tied to account, bookkeeping doesn't archive wire transaction details for the past 10 years.

Let businesses easily accept cryptocurrency (like... regular cash?), without a blade to their throat held by the government, and the need for such centralization points will greatly diminish. People get in trouble by p2p-exchanging money with unknown peers; in some instances this "trouble" has the unit of "years".

It's in nobodies' interest to protect cryptocurrency payments as the alternative, other than the activists, and the big groups jumping in on it for the speculation purposes - something they had refined decades ago. There's CBDC is on the horizon.

[1]: https://news.ycombinator.com/item?id=43999011

replies(2): >>44001627 #>>44002592 #
1. lovich ◴[16 May 25 03:37 UTC] No.44001627[source]
Yea see the problem is that you are arguing under some implicit idea that you’ll just accept the results of the system.

Every single crypto property I’ve talked to has ended up at a point where they believes that someone cheated them outside the bounds of the system and then look to authority figures to rectify the situation, like the government.

If you are someone who actually believes that crypto transactions should be unmodifiable by any third party then what you said makes sense. I just don’t think that anyone telling me they believe that isn’t lying to themselves at best, and lying to everyone else at worst