Badische Presse - Coinbase expects data breach to cost it up to $400 mn

Instead of paying up, Coinbase informed US regulators about the theft and made plans to spend from $180 million to $400 million to reimburse victims and deal with the situation.

"Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks," the leading US cryptocurrency exchange said in a blog post.

"These insiders abused their access to customer support systems to steal the account data for a small subset of customers."

Social engineering is a hacker reference to manipulating people into giving up sensitive information, computer access or, in this case, digital money.

Criminals got information including phone numbers, email addresses, and partial social security numbers about less than one percent of Coinbase monthly users, the company reported.

"Their aim was to gather a customer list they could contact while pretending to be Coinbase - tricking people into handing over their crypto," Coinbase said in the post.

Coinbase told regulators it got an email from an "unknown threat actor" on May 11 showing that inside information had been obtained and demanding $20 million to keep it secret.

Coinbase refused, instead going public with an offer of $20 million in reward money for information leading to the arrest and conviction of the attackers.

The workers involved with leaking information were fired and fraud-monitoring systems are being ramped up, according to Coinbase.

Coinbase shares were down more than six percent in late day trading in New York.

W.Schneider--BP