Insider Leak Sparks Outcry Against Coinbase

Angry users voice concerns over Coinbase due to late disclosure and perceived dangers following an insider's leak of users' confidential information.


Unsettling Crypto Breach: Coinbase Data Leak Uncovers Major Vulnerabilities

The foremost US cryptocurrency exchange, Coinbase, is grappling with intense backlash following reports of a secretive employee leak of sensitive user data.

Users are fuming at revelations suggesting that Coinbase knew of the risk for months before publicly disclosing the incident.

Raging Over Months-Old Undisclosed Data Leak

The insidious leak, estimated to have affected "a mere fraction" (roughly 1%) of Coinbase's monthly active users, has erupted into a fierce storm throughout the crypto community. Astonished users report being besieged by meticulously crafted phishing and impersonation scams.

One such victim, QwQiao, an alleged target who serves in customer support at Alliance DAO, shares his close shave with the scammers. He recounts how he avoided falling prey, saying, "I called them out, telling them they need to step up their game since this scam is absurd. They informed me they had amassed $7 million on that particular day."

Adam Cochran, a distinguished figure on Twitter, denounced Coinbase for failing to safeguard sensitive documents like government IDs and residential addresses. He asserts that these vulnerabilities pose potential hazards that extend far beyond financial losses.

"Coinbase's concentration on stolen funds in their disclosure is unimportant...There is no need for KYC/AML policies to provide access to customer support agents for these kinds of private data. I don't want to hear about Coinbase's recovery efforts; I want to understand their strategy for addressing private data," he declares emphatically.

The uproar comes minutes after allegations that the breach may have originated as far back as January. Critics argue that Coinbase's supposed silence left users exposed and defenseless for months on end.

In a poignant tweet, Duo Nine, a renowned analyst, pointedly notes, "Coinbase knew their user data was compromised since January, yet remained tight-lipped until now? We've had an endless string of reports about Coinbase users getting drained by impersonators. Now we know why."

According to Duo Nine, Coinbase's oversight lays the groundwork for heightened risks to even institutional holdings. Given its dominant role in the crypto spot ETF (exchange-traded fund) market, Coinbase provides custodial services for nearly all Bitcoin and Ethereum ETFs.

"It's alarming that so many crypto ETF issuers have the same custodian for all their Bitcoin and Ethereum holdings, making Coinbase a potential single point of failure, and that's truly unnerving," Eleanor Terret asserted recently.

Coinbase failed to respond promptly to BeInCrypto's request for comment.

Unpredictable and Perilous Risks

Concerns arise that this breach could be uniquely destructive because Coinbase, unlike many other victims, was not hacked. Instead, the information was accessed and sold by a support employee on the black market.

This raises concerns about inadequate internal controls within the exchange. Position trader Bob Loukas openly expresses his discontent, bluntly stating, "It's unacceptable that you allowed support agents to access sensitive data without proper oversight."

The implications surpass financial theft, with Rotki founder Lefteris Karapetsas warning that centralizing real-life identity data alongside crypto balances amounts to a "disaster waiting to happen."

"Coinbase once again demonstrates why centralized data repositories are a disaster waiting to happen. KYC (Know Your Customer) means entrusting your identity to be leaked, sold, or extorted. The combination of personal details (real-life addresses, crypto addresses, and amounts) disclosed here is hazardous," he writes.

Rotki is a portfolio tracking app. Karapetsas, a data protection expert, references a recent kidnapping attempt involving the family of a Paris-based crypto leader as evidence. Corporate attorney Ariel Givner, a fintech specialist, echoes the real-world anxieties.

"I've been contacted by five individuals today. They are afraid – it can get worse," she writes ominously.

Intelligence specialists suggest that the incident may be part of a broader dark web sale. According to cybersecurity sources, a threat actor recently peddled an 18-million-record trove from US crypto platforms, including over 432,000 Coinbase user records for $10,000, featuring names, emails, phone numbers, addresses, and other sensitive details.

Coinbase has yet to address the public outrage but offers a $20 million reward fund for information leading to the arrest and conviction of culprits. The exchange claims it has reached out to all affected customers.

"If your data was accessed, you have already received an email from [email protected]; all notifications went out at 7:20 a.m. ET to affected customers," Coinbase Support explains on Twitter.



  1. The crypto community is outraged over the months-old undisclosed data leak at Coinbase, the prominent US cryptocurrency exchange.
  2. The leak of sensitive user data, including government IDs and residential addresses, is estimated to have affected around 1% of Coinbase's monthly active users.
  3. Users have been subjected to targeted phishing and impersonation scams, with one victim revealing a scammer's claim of having amassed $7 million on that particular day.
  4. Adam Cochran, a well-known figure on Twitter, criticized Coinbase for its lax cybersecurity measures and potential risks extending beyond financial losses.
  5. Concerns about inadequate internal controls within the exchange have been raised, as the data was accessed and sold by a support employee instead of through a hack.
  6. The incident may be part of a broader dark web sale, with cybersecurity sources reporting the sale of an 18-million-record trove from US crypto platforms, including over 432,000 Coinbase user records.
  7. In response to the public outrage, Coinbase offered a $20 million reward fund for information leading to the arrest and conviction of the culprits, and claimed to have reached out to all affected customers.
