Coinbase Hack Highlights How Greed Can Overwhelm Cyber Defenses

(Bloomberg) -- Following cybersecurity best practices doesn’t always protect against human greed. 

Scammers again proved that to be true by bribing Coinbase Global Inc. representatives based in India to steal customer data from the cryptocurrency company and then demanding a $20 million ransom.

The fraudsters offered cash to the Coinbase customer representatives in exchange for users’ names, addresses, government ID images and other data, the company said Thursday. They then intended to use that illicitly obtained information to pose as Coinbase and dupe customers into giving up their crypto. 

Coinbase said it detected multiple instances of customer support agents gathering information about users that they didn’t need for their jobs. Then, on May 11, an unknown attacker emailed Coinbase to demand an extortion payment in exchange for not going public with the information. That’s when it became clear that the representatives were operating as part of the same scheme. 

Coinbase now expects to pay up to $400 million to resolve the incident, the company said in a filing with the US Securities and Exchange Commission. 

If the scheme sounds familiar, that’s because it’s awfully difficult for companies to figure out how to stop their employees from accepting cash from crooks on the side. Matt Cohen, chief executive officer of the cybersecurity firm CyberArk, said the episode points to the “fragility of the human access point.”

“It’s still always going to be the weakest link — the people themselves,” Cohen said. “Whether they’re being phished to be breached or paid to be breached it, doesn’t change the fact that the vulnerability layer sits with people.”

The hacking group Lapsus$ in 2022 made its name by compromising big victims including Microsoft Corp., Okta Inc. and Samsung Electronics Co. The cybercrime spree was so successful in part because the gang made posts in its public Telegram channel offering compensation to employees at tech firms in exchange for their providing data or giving hackers a foothold into corporate networks. 

Security researchers told Bloomberg News at the time that the group’s tactics were “quite bizarre” but the unique methodology proved to be incredibly successful. 

SIM swappers also use bribery as a key tactic. These groups contact staffers at telecommunications companies and persuade them to hand over control of a phone number that belongs to someone else. Access to that number enables a fraudster to receive text messages and verification codes that they can use to access a victim’s protected accounts. 

Employees at Verizon Communications Inc. and T-Mobile USA Inc. have reported receiving text messages from scammers who promise hundreds of dollars to help them commit fraud. 

This kind of bribery continues to be successful because so many of the corporate employees and contractors who work directly with customers are paid low salaries and based outside the US. Companies trying to fix that issue will need to spend on more than just cybersecurity, especially as experts expect this kind of breach to become more common.

“Ten years ago it was largely unheard of for cybercriminal organizations to take advantage of the insider threat, at least monetarily,” said Allan Liska, a threat intelligence analyst at the cyber firm Recorded Future. “As these organizations continue to grow and profit from their attacks they will get better and more efficient at connecting with and bribing employees, contractors, partners and vendors for access.”  

--With assistance from Lynn Doan.

(Updates with Cohen quotes starting in 6th paragraph)

More stories like this are available on bloomberg.com

©2025 Bloomberg L.P.