Crypto Exchange’s leading Coinbase has issued urgent warnings to users following targeted security incidents, and publicly detailed it and tor attempts to customers in a recent official blog post.
Coinbase has revealed that cybercriminals have fed and recruited a group of Rogue’s overseas support agents to steal Coinbase customer data and promote social engineering attacks. These bad actors used cash offers to convince small groups of insiders to copy data to Coinbase’s customer support tool with less than 1% of Coinbase’s monthly trading users.
Cybercriminals have fed and recruited Rogue’s overseas support agents to extract personal data of less than 1% of Coinbase MTU. No passwords, private keys, or funds are publicly disclosed. Prime account cannot be touched. Refunds to affected customers. For more information, click here: https://t.co/sidvn59jcv
– Coinbase🛡️ (@coinbase) May 15, 2025
They aimed to compile a list of customers they could contact, pretending to be Coinbase and trick individuals into handing over the code. They then tried to force Coinbase for $20 million to cover this, but they declined.
A small subset of less than 1% of Coinbase MTU customers was affected, but no passwords, private keys or funds were publicly disclosed, and no Coinbase Prime accounts were mentioned. Coinbase said it will work closely with law enforcement to pursue the harshest penalties possible, but will refund the refund to send funds to attackers while not paying $20 million in ransom demand.
Coinbase is establishing a $20 million reward fund for information that leads to the arrest and conviction of those responsible for the attack. An impact notification will be sent to affected users and the community will be updated as the investigation progresses.
An emergency warning has been issued
Coinbase warned users that infringers and fraudsters could possibly try to put pressure on the transfer of funds, whether they are related to the violation or not.
Users should note that Coinbase will never send a password, 2FA code, or assets to a new address, account, vault, or wallet. Providing a new seed phrase or wallet address to transfer coins will not send calls or text messages to consumers. If they receive a call along these lines, they should not answer. Coinbase does not require you to contact and reach unknown numbers.
Coinbase has outlined some best practices. This includes enabling the withdrawal permit list, using a powerful 2FA with hardware keys and paying attention before taking action.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
