
410 points gpi | 3 comments
mafriese ◴[] No.44003034[source]
> The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities

Based on the information present in the breach, I think it's likely that the source was their customer support in the Philippines. Monthly salary is usually < 1000$/month (entry-level probably even less than 500$) and a 5000$ bribe could be more than a year's worth of money, tax-free. Considering the money you can make with that dataset now, this is just a small investment.

> •Name, address, phone, and email; •Masked Social Security (last 4 digits only); •Masked bank-account numbers and some bank account identifiers; •Government‑ID images (e.g., driver’s license, passport); •Account data (balance snapshots and transaction history); and •Limited corporate data (including documents, training material, and communications available to support agents).

This is every threat actor's dream. Even if you only had email addresses and account balances, this is a nightmare. Instead of blackmailing the company, you can now blackmail each individual user. "Send me 50% of your BTC and I won't publish all of your information on the internet". My guess is that we will have a similar situation like we had with the Vastaamo data breach...

https://en.wikipedia.org/wiki/Vastaamo_data_breach

replies(4): >>44003213 #>>44003459 #>>44003599 #>>44013854 #
lm28469 ◴[] No.44003213[source]
> •Name, address, phone, and email;

> blackmail each individual user

Blackmail would be the least of my worries; in France we had at least five kidnappings/attempted kidnappings related to crypto investors since the beginning of the year.

replies(3): >>44003282 #>>44003329 #>>44003382 #
stringsandchars ◴[] No.44003382[source]
This may seem callous, but isn't a large point of crypto that you are 'free' from the shackles imposed by the State?

And I guess that includes protection from criminals by the oppressive forces of the State (aka the police). In which case being kidnapped and having your fingers sent to your family is an integral part of your 'freedom'.

replies(8): >>44003398 #>>44003450 #>>44003666 #>>44003691 #>>44003772 #>>44003902 #>>44004223 #>>44005823 #
machtiani-chat ◴[] No.44003666[source]
Crypto isn’t synonymous with anarchy, just like the internet isn’t synonymous with pornography. Both are cliches from long ago.

All of the victims are likely taxpayers. Law and order is a fundamental service that a legitimate state must provide to all in its jurisdiction, even those who are only resident non-citizens and those that pay little to no taxes in a progressive tax system.

replies(1): >>44003834 #
stringsandchars ◴[] No.44003834[source]
> Crypto isn’t synonymous with anarchy, just like the internet isn’t synonymous with pornography. Both are cliches from long ago.

Saying crypto isn’t synonymous with anarchy, like the internet isn’t with pornography, sidesteps the point. Pornography is just one use of the internet — not its central purpose.

But crypto wasn’t just built to host financial activity — it was designed to restructure it, removing reliance on central authorities. That core intent isn’t a cliché; it’s a defining feature.

Comparing it to incidental internet content is a rhetorical deflection, not a real counterpoint.

replies(3): >>44003882 #>>44003889 #>>44004246 #
1. mjburgess ◴[] No.44003889[source]
That's not what it was designed for, that's just a mixture of propaganda and confusion.

It was designed to solve the double-spending problem with digital currencies, replacing the need for "an authoritative ledger" with one difficult to forge.

The political project around this was to provide people with a deflationary currency akin to gold, whose inflation could not be controlled by government.

The lack of government control over the inflation of this particular currency, and the lack of an authoritative ledger, are an extremely minimal sense of currency protections (freedoms). They have as much to do with anarchy as the internet had with porn.

replies(1): >>44004984 #
2. philipwhiuk ◴[] No.44004984[source]
It was designed to avoid the need for existing financial institutions. The doublespend problem was merely the blocker that prevented people from otherwise doing it.

> A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.

replies(1): >>44008920 #
3. mjburgess ◴[] No.44008920[source]
That's not anarchy though, that's PayPal c. yr 2000