The US Department of Justice is investigating Coinbase Global’s (NASDAQ: COIN) customer service contractors in India, who allegedly accepted bribes in exchange for allowing criminals access to user data.
Investigators from the DOJ are inspecting the data breach, according to a Bloomberg report published on Monday. Coinbase originally revealed this breach last week, indicating that a group of customer support contractors abused their privileged access to the company’s systems to steal account data for a small group of customers.
The company stated that even though no passwords, private keys, or funds were exposed during the breach, the attack led to social engineering attempts against users, including a Sequoia Capital partner. Estimated losses reached up to USD$400 million. Additionally, the attackers tried to extort $20 million from Coinbase to keep the breach quiet. Coinbase refused to pay.
Coinbase users have filed several lawsuits, alleging the company mishandled their personal data after the social engineering attacks. One user, a retired artist named Ed Suman, reported that scammers stole USD$2 million from him. Furthermore, Coinbase’s stock price fluctuated following news of the breach. An unrelated SEC probe into its reported “verified user” numbers also impacted investor confidence.
“We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors,” said Paul Grewal, Coinbase’s chief legal officer.
Coinbase released a list of what information the criminal party received. The attackers gained access to customer names, addresses, phone numbers, and emails, along with the last four digits of Social Security numbers and masked bank-account numbers, including some bank account identifiers.
Coinbase announced several steps to address the breach
The attackers did not access login credentials, two-factor authentication codes, private keys, or any ability to access customer funds. They also failed to access Coinbase Prime accounts or any Coinbase hot or cold wallets.
Coinbase announced several steps to address the breach and protect users going forward.
Firstly, the company pledged to reimburse customers who were tricked into sending funds to the attacker through social engineering. To improve safeguards, the company added extra ID checks for large withdrawals and introduced mandatory scam-awareness prompts.
Furthermore, flagged accounts may experience delays as Coinbase closely monitors high-risk transactions. The company is also opening a new support hub in the U.S. and enhancing controls and monitoring at support locations.
To strengthen its internal defenses, Coinbase has increased investments in insider-threat detection, automated responses, and threat simulations. Coinbase also committed to staying transparent and will continue updating the community as the investigation moves forward.
Data breaches and social engineering attacks like the one at Coinbase happen regularly in the crypto and tech sectors. Phishing and impersonation scams remain among the most common attack methods.
According to a 2023 Chainalysis report, social engineering played a role in crypto-related losses, especially through fake platforms and impersonators.
Additionally, insider threats—where attackers bribe or manipulate employees—are becoming more frequent and damaging.
A 2022 Verizon Data Breach Investigations Report found that insider actions, whether malicious or accidental, caused over 20 per cent of breaches across industries. Furthermore, large crypto platforms are prime targets because they hold high-value assets and operate in fast-moving environments.
