How an insider-led breach sparked a costly scam at Coinbase

By: cryptoslate|2025/05/16 02:15:05

Alliance DAO contributor Qiao Wang has detailed a sophisticated social engineering scam targeting Coinbase users amid the firm’s insider-led data breach incident.In a May 15 post on social media, Wang revealed how attackers impersonate exchange staff using personal data obtained through a recent internal breach. Individuals contacted him, claiming to represent Coinbase and warning of a supposed compromise on his account before conducting identity verification steps. The impersonators requested details about account balances to prioritize high-value targets, then instructed victims to transfer assets to a Coinbase Wallet. Under the guise of assisting with wallet setup, the attackers provided a pre-generated seed phrase, giving them full control once the user moved the assets. Wang said he called the scammers out at the end of the call:“I called them out at the end of the call telling them they need to step up their game cuz this scam is retarded. They told me [they] had made $7m that day.”Personal security at riskCoinbase disclosed earlier on May 15 that it experienced a data breach affecting less than 1% of its monthly active users. The incident, which the company said did not compromise login credentials or private keys, was traced to the bribing of a group of overseas customer support agents to leak sensitive data. Information included names, contact details, identity documents, and masked banking and social security data.According to a statement, Coinbase terminated the involved insiders and is cooperating with law enforcement to investigate the breach. CEO Brian Armstrong confirmed that the attackers attempted to extort $20 million in Bitcoin from the company, a demand that Coinbase rejected. Instead, the firm is offering a $20 million reward for information leading to the perpetrators’ arrest. Coinbase also stated it will reimburse affected users.Despite the reimbursement promises, Wang called for Coinbase to treat the potential exposure of users’ home addresses and government-issued IDs as a personal safety issue, which is worth “way more than loss of funds.”Remediation costs up to $400 million In recent months, ZachXBT has attributed more than $300 million in annualized Coinbase user losses to similar social engineering operations, many of which involve impersonation, seed phrase extraction, and fund redirection.In an accompanying Form 8-K filing with the US Securities and Exchange Commission (SEC) on May 15, Coinbase disclosed that it is still assessing the total financial ramifications of the security lapse. Based on current data, the company’s preliminary estimates place remediation costs and voluntary customer reimbursements between $180 million and $400 million.Additionally, Coinbase reiterated in the document that it would not pay the ransom demanded by the attackers. The company stated it intends to pursue all legal avenues against the individuals responsible for the attack and is continuing its investigation into the full scope of the incident.The post How an insider-led breach sparked a costly scam at Coinbase appeared first on CryptoSlate.

AI has become critical infrastructure, and governments and corporations are competing to control it. Centralized development and regulation are entrenching existing power structures. The Web3 community is building a decentralized alternative — distributed compute, token incentives, and community governance — before that window closes.

Vitalik wrote a proposal teaching you how to secretly use AI large models

Vitalik believes that in the AI era, users should not have to give up their identity to use an AI tool.

On the eve of the explosion of on-chain options

Options are becoming a new anchor in the cryptocurrency market.

WEEX AI Hackathon: How Did This AI Trading Winner Succeed?

A self-taught AI trading enthusiast achieved top-10 results at the WEEX AI Hackathon. Learn about the mindset, AI tools, and lessons behind this impressive performance.

One Balance to Rule Them All: Gravitas' On-Chain Prime Broker Ambition

Forty years ago, a technological revolution broke the isolation of information, reshaping Wall Street. Forty years later, Grvt aims to break the isolation of capital with an on-chain prime brokerage model.

That person who cashed out at the NFT peak is now selling a new shovel in the OpenClaw craze

A skilled person never picks the table, they eat meat with every bite.

Inter-generational Prisoner's Dilemma Resolution: The Nomadic Capital and Bitcoin's Inevitable Path

When the Baby Boomer generation collectively sells off, who will be the "bag holder" in the next asset crash?

Upstream and downstream are starting to fight, all for the sake of everyone being able to "Lobster"

「Lobster」 may not be a mature product yet, but it has already ushered in a new era of 「AI Assistants」.

Circle and Mastercard Announce Partnership, the Next Stage for the Crypto Industry Belongs to Payments

Stablecoins are transitioning from a speculative tool to real financial scenarios such as payments, cross-border transfers, and store of value.

From 5 Mao per kWh of Chinese electricity to a $45 API export: Tokens are rewriting currency units

When the same unit can both measure hashing power and facilitate payments, it ceases to be just a term and begins to evolve into a new currency of both value and influence.