Crypto exchanges are popular targets among cybercriminals. A huge crypto exchange has been breached, and while your money is safe, your personal data might have fallen into the wrong hands.
Rogue Support Workers Helped Breach Coinbase
Popular crypto exchange Coinbase has disclosed a data breach, claiming hackers “bribed and recruited” its support workers to steal customer data and scammed users into sending them money. The company’s filing with the SEC adds that it received an email from the hackers on May 11, claiming they have information on “certain Coinbase customer accounts” and internal company documentation, including materials related to its customer service and account management systems.
The hackers targeted Coinbase’s overseas customer support agents, offering them cash to copy data from the company’s customer support tools for “less than 1% of Coinbase monthly transacting users.” The goal was to collect a customer list to scam users into handing over their crypto assets via social engineering attacks. This isn’t the first time Coinbase employees have been targeted either.
They also tried extorting the platform for $20 million, but Coinbase refused to pay up. In the end, the hackers were able to get away with the following data:
The crypto exchange clarified that the stolen information doesn’t include login credentials or 2FA codes, private keys, or any access to customer funds. All Coinbase Prime accounts are also untouched.
How Is Coinbase Responding?
The responsible agents were “fired on the spot,” and Coinbase will be pressing criminal charges. In the meantime, the platform has set up a $20 million reward fund for any information leading to the arrest and conviction of the hackers. It’s also working with industry partners and law enforcement to track and recover any lost funds.
If your data was accessed in the breach, you should have received an email from no-reply@info.coinbase.com explaining the situation. The crypto exchange will also reimburse you if you were tricked into sending funds to the attacker in a social engineering attack. Its announcement clearly states:
Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts.
The announcement also warns of scammers posing as Coinbase employees asking you for your account password, two-factor authentication (2FA) codes, vault or wallet addresses, or pressuring you to move your money to a “secure” wallet. Other recommended best practices include enabling withdrawal allow-listing, using strong 2FA (preferably hardware keys), and locking your account if you suspect you’re being scammed.