mafriese ◴[] No.44003034[source]
> The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities

Based on the information present in the breach, I think it's likely that the source was their customer support in the Philippines. Monthly salary is usually < 1000$/month (entry-level probably even less than 500$) and a 5000$ bribe could be more than a year's worth of money, tax-free. Considering the money you can make with that dataset now, this is just a small investment.

> •Name, address, phone, and email; •Masked Social Security (last 4 digits only); •Masked bank-account numbers and some bank account identifiers; •Government‑ID images (e.g., driver’s license, passport); •Account data (balance snapshots and transaction history); and •Limited corporate data (including documents, training material, and communications available to support agents).

This is every threat actor's dream. Even if you only had email addresses and account balances, this is a nightmare. Instead of blackmailing the company, you can now blackmail each individual user. "Send me 50% of your BTC and I won't publish all of your information on the internet". My guess is that we will have a situation similar to the one we had with the Vastaamo data breach...

https://en.wikipedia.org/wiki/Vastaamo_data_breach

lm28469 ◴[] No.44003213[source]
> •Name, address, phone, and email;

> blackmail each individual user

Blackmail would be the least of my worries; in France we had at least five kidnappings/attempted kidnappings related to crypto investors since the beginning of the year.

bambax ◴[] No.44003282[source]
Yes that's true but it's weird they only focus on crypto investors' families? There are many rich people in France, what's the deal with cryptobros?
mafriese ◴[] No.44003399[source]
You can easily establish the connection from a bank account to a person. A connection from a crypto wallet to a person is extremely difficult. Money laundering with crypto is also much easier (and cheaper usually).
smeej ◴[] No.44003955[source]
In the vast majority of cases, it's actually extremely easy. It took less than an afternoon for me to learn how to trace 90%+ of transactions on either BTC or any of the networks built on Ethereum or an Ethereum-like protocol. There are large companies that specialize in exactly this, which make tools that allow government agents who have no particular crypto expertise to trace the majority of transactions.

It is possible to make your transactions extremely difficult to trace, but you really, really, REALLY have to know what you're doing.

Law enforcement loves that people think it's easy and cheap to launder money with crypto, though. It's made it vastly easier for them to catch those people!

mafriese ◴[] No.44004060[source]
I never doubted that it's possible but it's way harder than identifying bank accounts. There is a massive business behind crypto tracking, that's why companies like MasterCard have acquired CipherTrace. Some years ago there was a really good article / case study from them. I think it was related to a ransomware gang and they were able to identify the threat actor's wallets through crypto tumblers and chain hopping. It's just a matter of how much money and time you are willing to invest in finding out and not a matter of possibility.