685 points jclarkcom | 2 comments
jclarkcom No.45948059
In January 2025, I was targeted by scammers who knew my exact Bitcoin balance, SSN, DL, and other private Coinbase account details. I immediately reported this to Coinbase's Head of Trust & Safety with recordings and technical evidence. Despite repeated follow-ups asking how attackers had my data, Coinbase went silent for 4 months. They only disclosed the breach in May after attackers demanded a $20M ransom. The breach involved overseas contractors at TaskUs being bribed for customer data. This article documents the timeline with emails, recordings, and evidence showing Coinbase was aware of the breach months before their official "discovery" date.
replies(3): >>45948243 #>>45948376 #>>45952887 #
1. nightpool No.45948376
You mentioned that the DKIM headers "passed validation for coinbase.com". How could that have been possible, if the email was a phishing email? I'm not sure I understood that part, especially because you didn't provide any examples of the header data you received from the attacker.
replies(1): >>45948802 #
2. Cantinflas No.45948802
Yeah, this is very confusing for me too. How could the attackers create a valid DKIM signature for coinbase.com? Either there is a huge misconfiguration or it's not possible. Am I missing something?