Cybercriminals Hit Coinbase, Steal Sensitive Customer Data

Plus crypto high-rollers hire bodyguards to prevent "wrench attacks," kidnappings.

Good morning! Here’s what’s up.

Clips ✂️

Coinbase Says Cybercriminals Stole Customer Data, Demanded $20 Million Ransom

Coinbase Global said Thursday that it has refused to pay a $20 million ransom demand from cybercriminals who bribed the company’s overseas customer support agents to steal sensitive user data.

The cryptocurrency exchange estimated that the incident could cost from $180 million to $400 million, between fixing the underlying issues and reimbursing customers, according to a regulatory filing.

The disclosure sent the company’s stock down more than 7% on Thursday. The data breach is a setback for the largest U.S. crypto exchange, which has cultivated a reputation for safety and largely avoided the type of attacks and thefts that have crippled many overseas exchanges.

The company said it received an email on Sunday from an unknown party who claimed to have obtained information about certain customer accounts, adding that the threat actor appears to have obtained the information by paying multiple contractors or employees working in support roles outside the U.S.

by WSJ

👉 Bloomberg reports that the data theft has led to real losses for some customers, such as artist Ed Suman, who was scammed out of $2 million:

On March 8, he received a text message that appeared to be from Coinbase, alerting him that somebody had accessed his account. When he replied that it hadn’t been him, he received a call from a man using the name Brett Miller and claiming to be from Coinbase’s security department.

… The person then walked Suman through a process he claimed would fix the issue, which included entering his seed phrase — a string of words that acts as a password to grant access to crypto wallets — into what appeared to be an official website.

Nine days later, Suman received a call from another person claiming to be a representative who told him that the process had been unsuccessful and walked him through it again.

By the end of that call, Suman’s crypto was gone.

Coinbase Probed by SEC Over User Number Misstatement Concern

The SEC has been investigating crypto exchange Coinbase (COIN) over whether it misstated its user numbers in past securities filings and marketing materials.

The probe began under the former presidential administration while the SEC was still under the control of then-Chair Gary Gensler, according to the NYT, which first reported the story, but has persisted under the SEC’s current, crypto-friendly leadership.

The metric at the heart of the investigation is Coinbase’s claim to have over 100 million “verified users.” It stopped using the metric in both disclosure and marketing materials in 2021, the year it went public on the Nasdaq.

Paul Grewal, Coinbase’s chief legal officer, told CoinDesk in an emailed statement that the SEC’s investigation is a “hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public.”

by CoinDesk

👉 Paul Grewal added that “while we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.”

Crypto High-Rollers Go Big on Bodyguards to Deter Kidnappers

Even before Coinbase Global Inc. disclosed that hackers had stolen the home addresses and account balances of its customers, Jethro Pijlman was seeing an uptick in interest from concerned clients with large crypto holdings who were looking for bodyguards and other forms of protection.

Pijlman works for an Amsterdam-based firm that provides physical security and intelligence services to cryptocurrency holders who have become worried about the wave of kidnappings that have hit the industry — the most recent of which occurred last week, when assailants tried to abduct the daughter and grandson of a French cryptocurrency executive.

by Bloomberg

👉 What is the next move in this cat-and-mouse game?

  1. People make big bucks in crypto.

  2. Criminals realize where the big bucks are and launch “wrench attacks” on these people.

  3. People with big bucks in crypto who do not want to be hit with wrenches or kidnapped hire “physical security” firms to protect themselves and their families.

  4. ???

Alabama Man Sentenced for Hacking SEC’s Social Media to Post Fake Bitcoin ETF News

A 26-year-old man from Alabama has been sentenced to more than a year in prison for his role in a social media hack that briefly sent the price of bitcoin surging. Eric Council Jr. of Huntsville pleaded guilty to charges tied to the January 2024 hack of the U.S. Securities and Exchange Commission’s X account, according to a U.S. Department of Justice press release.

Posing as a telecom customer using a fraudulent ID, Council used a SIM-swap technique to hijack a phone number tied to the SEC’s account. His co-conspirators then used it to falsely post that the agency had approved spot bitcoin exchange-traded funds (ETFs), a long-awaited regulatory milestone.

Within minutes, the price of bitcoin surged by more than $1,000. It crashed soon after, losing more than $2,000 in value once the post was revealed as fake. The SEC did later that month approve the launch of spot bitcoin ETFs.

Authorities say Council was paid in bitcoin for his role. He will serve 14 months in prison followed by three years of supervised release.

by CoinDesk

Mary Jo White, Danielle Sassoon Kick Off White Collar Crime Institute

White noted that there is no law dictating separation between Main Justice and individual U.S. attorney’s offices, which has been the norm since Watergate. That distance, she said, is necessary to maintain credibility.

“Obviously the degree of difficulty is higher now, I think in that regard,” the former SEC chair said. “I think it’s really more the relationship now that is different.”

Independence, she added, is “something you have to preserve. Because if you lose it, you could not get it back.”

In a wide-ranging conversation moderated by Sassoon, White reflected on her career, shared her leadership philosophy, and opined on the changes she’s seen in white collar enforcement.

White also lauded Sassoon, who resigned earlier this year from her role as acting U.S. attorney when given what was widely considered an improper directive from the Department of Justice to drop the public corruption case against New York City Mayor Eric Adams.

by NY Law Journal

👉 White also advised the audience to “bone up on immigration.”

Voluntary Departures at the SEC Since January 2025

On his LinkedIn, Reuters reporter Douglas Gillison posted this interesting chart:
