Coinbase’s Insider Breach: What Actually Happened—No Clickbait, Just Brass Tacks
How a $20M Bribe, an Offshore Help-Desk, and Coinbase’s Reverse Ransom Exposed the Real Weak Link—Us
By James Azar, CISO & Host, CyberHub Podcast
TL;DR (for the practitioners in the back)
Attack vector: crooks bribed offshore customer-support contractors—our favorite “cheap labor” gambit—to exfiltrate customer data.
Data lifted: names, addresses, phone numbers, government-ID images, partial SSNs, limited account metadata. No passwords, 2FA codes, or private keys touched.
Impact window: <1% of Coinbase’s monthly transacting users.
Extortion play: attackers demanded $20 million; Coinbase flipped the script and put a $20 million bounty on the crooks instead.
Price tag so far: the exchange tells the SEC the bill could hit $180-$400 million in reimbursements and remediation.
Lesson: humans—especially third-party humans—remain your soft underbelly.