Latest news with #CoinbaseGlobalInc
The Star
19-05-2025
- Business
- The Star
Crypto high-rollers go big on bodyguards to deter kidnappers
Even before Coinbase Global Inc disclosed that hackers had stolen the home addresses and account balances of its customers, Jethro Pijlman was seeing an uptick in interest from concerned clients with large crypto holdings who were looking for bodyguards and other forms of protection. Pijlman works for an Amsterdam-based firm that provides physical security and intelligence services to cryptocurrency holders who have become worried about the wave of kidnappings that have hit the industry – the most recent of which occurred last week, when assailants tried to abduct the daughter and grandson of a French cryptocurrency executive. "We've had more inquiries, more long-term clients, and more proactive requests from crypto investors who don't want to be caught off guard,' said Pijlman, a managing director at Infinite Risks International. "They're realising that intelligent security measures are part of the cost of doing business at this level.' People with crypto wealth face unique physical risks because public blockchain networks like bitcoin and ethereum allow tokens to be transferred instantly and anonymously. This means that if an individual is coerced into giving up the access credentials to their holdings, their assets can vanish within seconds with little chance of recovery. Conversely in traditional financial services, bank accounts can be frozen or seized by law enforcement, allowing more chances to get back lost money. The concerns about physical safety have come to the fore after the Coinbase attack because the hackers who penetrated the cryptocurrency exchange gained access to data that could allow them to identify and track down customers with large holdings – a frightening prospect just a few days after the kidnapping attempt in France. Several victims of the Coinbase breach declined to speak on the record to Bloomberg, citing concerns that their security may be jeopardised by being named in a story. "Crypto traders are acutely concerned about their privacy during data leaks,' said Ronghui Gu, co-founder of blockchain security firm CertiK and associate professor of computer science at Columbia University. "Cryptocurrency can be transferred with just a private key, and is extremely difficult to recover,' he added. "This makes crypto traders prime targets for criminals.' The industry's massive investments in protecting online systems may even be fueling the offline risks. Rapid crypto innovation has meant cracking cyber defences has become so challenging that adversaries are resorting to physical attacks, according to Charles Marino, CEO of the security firm Sentinel, which provides intelligence reports about ongoing threats in the crypto industry. "Right now, the crypto threat landscape is very high,' he said. The elevated concerns around the safety of crypto executives and their loved ones are illustrated by the amount of money that Coinbase spends to protect its own chief executive officer, Brian Armstrong. The company spent US$6.2mil (RM26.7mil) in personal security costs for Armstrong last year, according to an April regulatory filing that detailed executive compensation. That's more than the combined amount that JPMorgan Chase & Co, Goldman Sachs Group Inc and Nvidia Corp spent on their respective CEOs, similar filings showed. Representatives for Coinbase did not respond to requests for comment for this story. Coinbase has said that the leak affected less than 1% of its monthly transacting users. Yet for months, criminals had access to customer data that included their names, addresses, government-ID imagery, transaction history and account balances. Customer support workers in India were bribed to offer access to the company's data. Criminals have already used the information to trick some Coinbase customers into handing over access to their accounts or transferring their tokens. As with data leaks from traditional banks, personal information can be used for online fraud and identity theft. But the physical threats are of particular concern to crypto investors, many of whom have long operated anonymously to avoid threats. In the attempted kidnapping in Paris last week, criminals targeted family members of the CEO of Paymium, a French crypto exchange. While that attempt was foiled, it was only the latest in a string of similar attacks. David Balland, a co-founder of French crypto wallet startup Ledger SAS, was left with a mutilated hand after he and his partner were kidnapped in January. The attacks have escalated enough that France's Interior Minister Bruno Retailleau on Friday promised to establish a priority emergency police number for the industry. Elite French police units will also offer special briefings and security check-ups for crypto executives and their families. On social media, the kidnappings and recent Coinbase attack have led traders to say they're avoiding trips to France any time soon. EthCC, an annual crypto conference in Cannes, has increased security measures for this summer's gathering, according to a spokesperson for the event. This has included coordinating with multiple branches of French law enforcement, special forces and private security firms, they said, rather than just local police as had been done in previous years. These issues, though, have not just been confined to France. One bitcoin security expert, Jameson Lopp, keeps a running public database of physical attacks on cryptocurrency holders. It documents more than 20 incidents around the world this year alone. A number of US firms that work with digital tokens are paying for protection for executives. Circle Internet Group Inc., which declared its intention to go public earlier this year, spent about US$800,000 (RM3.4mil) on personal security for CEO Jeremy Allaire in 2024 while Robinhood Markets Inc spent about US$1.6mil (RM7mil) on Vlad Tenev, according to company filings. The amount these companies spend pales in comparison to the costs at some technology giants. Meta Platforms Inc's Mark Zuckerberg and Alphabet Inc's Sundar Pichai racked up US$27.2mil (RM 117.25mil) and US$8.2mil (RM 35.35mil) , respectively, in personal security costs, though their businesses are more valuable than any crypto company today. In addition to bodyguards, Pijlman's firm, Infinite Risks International, offers armored vehicles, home security assessments and social media monitoring to ensure that clients aren't revealing information about their physical location. "It often takes a close call or a story in the news to prompt action, but once they understand the threat, they want to take it seriously,' he said. "People are waking up to the fact that their digital success can create very real-world risks.' – Bloomberg
Yahoo
17-05-2025
- Business
- Yahoo
Popular stock crashes after hack news
Coinbase Global Inc (NASDAQ: COIN) opened low on Thursday and was down more than 5% in early trading after CEO Brian Armstrong shared a ransomware update. Armstrong took to X to openly address the hackers who wanted $20 million in Bitcoin. As of 9:56 a.m. EDT, Coinbase shares had dropped to $248.82, down 5.54% from the previous day, when shares closed at $263.41. COIN shares opened at $256.50 and went down as far as $247.55 before leveling off. The stock is still up over 41% for the month, and 20.46% in the last five trading days, as per charts from Yahoo Finance. The decline in the stock's price after Armstrong announced that hackers tried to deceive some overseas support agents into receiving a bribe and the hackers then gained access to a limited amount of customer data, but no passwords, no funds, and no private keys were compromised. While Armstrong has been praised for transparency due to his refusal to pay a ransom and offer a $20 million bounty for the attackers, his offering a bounty did not quiet any jitters within the market. One X user wrote, 'Coinbase should offer something to affected users.' As of the publication date, Coinbase has a total stock value of approximately $63.36 billion. Over the past year, its stock has traded as low as $142.58 and as high as $349.75. Coinbase produces about $5.32 in profits per share of its stock. Investors are currently paying about 47 times that amount to purchase a share, indicating the expectation for future growth. Coinbase is also going to be listed on S&P 500 on May 19. Investors seem to be evaluating the long-lasting impact to reputation and potential regulatory scrutiny of the breach in the long run. Earnings will be released sometime during the week of July 30 - August 4, 2025, so we may have further clarity about the financial impacts of the incident by that time. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
17-05-2025
- Business
- Yahoo
Potential S&P 500 stock stages a surprising comeback
Even with regulatory inquiries and investor skepticism, Coinbase Global Inc. (Nasdaq: COIN) — the largest crypto exchange in the U.S.— soared 9.01% on May 16, closing at $266.46. The jump was bolstered just days before the S&P Dow Jones Indices announced Coinbase's relocation into the S&P 500 index on May 19. Nonetheless, there are new headwinds for the rally. On May 15, reports surfaced that the U.S. Securities and Exchange Commission (SEC) is investigating whether Coinbase misrepresented user numbers in past disclosures. This investigation is another litigation headwind for the exchange on top of its own ongoing litigation with the SEC around whether particular tokens listed on its platform are securities. Coinbase CEO Brian Armstrong made headlines earlier this week with a bold statement about allowing cryptocurrency in 401(k) retirement accounts—an idea that sparked both excitement and criticism among traditional investors.
Miami Herald
16-05-2025
- Business
- Miami Herald
Coinbase hack rocks the company that led crypto into mainstream
On the long list of crypto companies that have been hacked, there are plenty of examples of financial losses that are much more painful than what Coinbase Global Inc. appears to be facing from the attack it disclosed on Thursday. Yet this one stands out for significance far beyond the $400 million the company expects it will cost: This time, the victim was arguably the most influential U.S. company in the industry. Coinbase is the firm that led the digital-asset industry's march into the mainstream financial system as the first publicly traded crypto exchange. It's the company that safeguards the lion's share of the $122 billion worth of tokens owned by spot-Bitcoin exchange-traded funds. And it's the firm that did much of the heavy lifting when it came to the industry's campaign spending spree to send a platoon of pro-crypto lawmakers to Washington this year. Indeed, the revelation of the hack comes just three days after the company's crowning achievement in mainstreaming the digital asset class with its addition to the S&P 500 Index, a development that will land its shares into trillions of dollars worth of retirement plans and other investment products that track the benchmark gauge. The hack, plus subsequent news of a lingering Securities and Exchange Commission investigation into how the company reported its user numbers, sent the shares down more than 7% on Thursday. While the company says the Coinbase Prime service that custodies crypto for ETF issuers and services other institutional investors was not affected, the hackers did have near-constant access to some of Coinbase Global Inc.'s most valuable customer data since January, according to a person familiar with the incident who asked not to be named discussing company matters. The hackers' scheme was brazen, if not especially impressive from a technology standpoint: They bribed customer representatives to steal client data and then demanded a $20 million ransom to delete it. Coinbase began noticing unusual activity from some of these representatives as far back as January, the company confirmed in an interview with Bloomberg News. The bribed reps got access to names, dates of birth, addresses, nationalities, government-issued ID numbers, some banking information as well as details about when customer accounts were created and their balances, the person familiar with the situation said. This information could be used to attempt to impersonate Coinbase and convince customers to let the hackers into their account. It could also be used to impersonate the victims with other service providers to attempt to convince them to let hackers into other financial accounts they maintain. For some traders with big balances on the exchange, the incident was alarming for reasons that go beyond the potential financial losses, considering the kidnapping and mutilation of a crypto startup co-founder earlier this year and reports of other similar incidents. "It's a major breach, the amount of personal information shared is staggering," said Mike Dudas, managing partner of web3 firm 6MV, who said he was targeted by the Coinbase hackers. "It will make people have to consider their personal physical security, especially with the things happening in France and elsewhere." The hackers had bribed enough customer service representatives to achieve effectively on-demand access to Coinbase customer information in the past five months, the person said. Coinbase Chief Security Officer Philip Martin disputed the assertion of near constant access, saying in an interview with Bloomberg News that the company pulled the agents' access as soon as it was discovered that they were improperly sharing information. Therefore the hackers "did not have persistent access over the course of the entire period," he said. "What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data," Martin said. Coinbase detected the agents, quarantined them and fired them, as soon as the company noticed the activity. "So there were a number of specific bribery incidents that this attack, that this threat actor is claiming credit for throughout the course of that time, but they did not have persistent access over the course of the entire period," he said. The hackers had access to this data as recently as Wednesday, the person familiar with the incident said. Martin said "we have no reason to believe that is true at all" but could not "prove a negative." Bloomberg News is aware of one notable, high net worth individual's data being accessed, whom Bloomberg is not disclosing for privacy reasons. David Jeong, a crypto founder in New York, said he received a text from unidentified number on April 3, in which he was asked to verify the login for his personal account. He then received another text from a different number on May 4. Jeong said he hasn't used a one-time password from Coinbase for two years. Coinbase said in a regulatory filing that it received an anonymous email from the hackers making their ransom demand on May 11. It added that in the months leading up to that email it had detected instances of customer support agents outside of the U.S. collecting data from internal systems. Last weekend, some premium customers received emails suggesting that their information had been accessed. "At Coinbase, we actively monitor our systems to ensure customer information is only accessed when necessary and in accordance with our strict security standards. We wanted to let you know that we detected activity suggesting that information related to your account may have been accessed in a way that did not align with our internal policies," the company said in a customer email reviewed by Bloomberg. "The information did not involve your password, seed phrase, or any other information that would have allowed someone to directly access your account or your funds." In the email, Coinbase recommended that customers ensure they're "regularly monitoring your account, using a strong and unique password." Less than 1% of the exchange's monthly transacting users were affected, Coinbase said Thursday. In addition to ramping up security controls for those affected, Coinbase said it would reimburse in full anyone who lost money. Instead of paying the ransom, the exchange is offering a $20 million bounty to anyone with information leading to the attackers' arrest and conviction. Hacks have long plagued the crypto industry, thanks to its heavy reliance on user anonymity and complex digital software. Around $2.2 billion was lost to such incidents in 2024, according to researcher Chainalysis. Operating under the threat of attack has been particularly painful for crypto exchanges, which are often major targets and face high ongoing costs to maintain tight security. This type of so-called social engineering attack - in which criminals use people to gain unauthorized access to data, rather than exploiting flaws in computer code - is a type of threat has become increasingly popular in crypto, resulting in recent major incidents like the $1.5 billion hack of crypto exchange Bybit in February. With a price tag of $400 million to cover the cost of repaying users, among other charges, the incident ranks as the eighth biggest hack crypto hack ever, according to Elliptic data. "Unfortunately as our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures," said Nick Jones, founder and CEO at crypto technology platform Zumo. "This is understandably a huge blow for a company that has had a pivotal few weeks." Meanwhile, the New York Times reported that the Securities and Exchange Commission has been investigating whether Coinbase misstated its user numbers in past disclosures as part of an inquiry that began during the Biden administration. "This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public," Paul Grewal, Coinbase's chief legal officer, said in a statement. "While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close." (With assistance from Muyao Shen and Olga Kharif.) Copyright (C) 2025, Tribune Content Agency, LLC. Portions copyrighted by the respective providers.
Yahoo
15-05-2025
- Business
- Yahoo
Coinbase Hack Rocks the Company That Led Crypto Into Mainstream
(Bloomberg) -- On the long list of crypto companies that have been hacked, there are plenty of examples of financial losses that are much more painful than what Coinbase Global Inc. appears to be facing from the attack it disclosed on Thursday. As Coastline Erodes, One California City Considers 'Retreat Now' How a Highway Became San Francisco's Newest Park Maryland's Credit Rating Gets Downgraded as Governor Blames Trump Power-Hungry Data Centers Are Warming Homes in the Nordics NYC Commuters Brace for Chaos as NJ Transit Strike Looms Yet this one stands out for significance far beyond the $400 million the company expects it will cost: This time, the victim was arguably the most influential US company in the industry. Coinbase is the firm that led the digital-asset industry's march into the mainstream financial system as the first publicly traded crypto exchange. It's the company that safeguards the lion's share of the $122 billion worth of tokens owned by spot-Bitcoin exchange-traded funds. And it's the firm that did much of the heavy lifting when it came to the industry's campaign spending spree to send a platoon of pro-crypto lawmakers to Washington this year. Indeed, the revelation of the hack comes just three days after the company's crowing achievement in mainstreaming the digital asset class with its addition to the S&P 500 Index, a development that will land its shares into trillions of dollars worth of retirement plans and other investment products that track the benchmark gauge. The hack, plus subsequent news of a lingering Securities and Exchange Commission investigation into how the company reported its number of users, sent the shares down more than 7% on Thursday. While the company says the Coinbase Prime service that custodies crypto for ETF issuers and services other institutional investors was not affected, the hackers did have near-constant access to some of Coinbase Global Inc.'s most valuable customer data since January, according to a person familiar with the incident who asked not to be named discussing company matters. The hackers' scheme was brazen, if not especially impressive from a technology standpoint: They bribed customer representatives to steal client data and then demanded a $20 million ransom to delete it. Coinbase began noticing unusual activity from some of these representatives as far back as January, the company confirmed in an interview with Bloomberg News. The bribed reps got access to names, dates of birth, addresses, nationalities, government-issued ID numbers, some banking information as well as details about when customer accounts were created and their balances, the person familiar with the situation said. This information could be used to attempt to impersonate Coinbase and convince customers to let the hackers into their account. It could also be used to impersonate the victims with other service providers to attempt to convince them to let hackers into other financial accounts they maintain. For some traders with big balances on the exchange, the incident was alarming for reasons that go beyond the potential financial losses, considering the kidnapping and mutilation of a crypto startup co-founder earlier this year and reports of other similar incidents. 'It's a major breach, the amount of personal information shared is staggering,' said Mike Dudas, managing partner of web3 firm 6MV, who said he was targeted by the Coinbase hackers. 'It will make people have to consider their personal physical security, especially with the things happening in France and elsewhere.' The hackers had bribed enough customer service representatives to achieve effectively on-demand access to Coinbase customer information in the past five months, the person said. Coinbase Chief Security Officer Philip Martin disputed the assertion of near constant access, saying in an interview with Bloomberg News that the company pulled the agents' access as soon as it was discovered that they were improperly sharing information. Therefore the hackers 'did not have persistent access over the course of the entire period,' he said. 'What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data,' Martin said. Coinbase detected the agents, quarantined them and fired them, as soon as the company noticed the activity. 'So there were a number of specific bribery incidents that this attack, that this threat actor is claiming credit for throughout the course of that time, but they did not have persistent access over the course of the entire period,' he said. The hackers had access to this data as recently as Wednesday, the person familiar with the incident said. Martin said 'we have no reason to believe that is true at all' but could not 'prove a negative.' Bloomberg News is aware of one notable, high net worth individual's data being accessed, whom Bloomberg is not disclosing for privacy reasons. David Jeong, a crypto founder in New York, said he received a text from unidentified number on April 3, in which he was asked to verify the login for his personal account. He then received another text from a different number on May 4. Jeong said he hasn't used a one-time password from Coinbase for two years. Coinbase said in a regulatory filing that it received an anonymous email from the hackers making their ransom demand on May 11. It added that in the months leading up to that email it had detected instances of customer support agents outside of the US collecting data from internal systems. Last weekend, some premium customers received emails suggesting that their information had been accessed. 'At Coinbase, we actively monitor our systems to ensure customer information is only accessed when necessary and in accordance with our strict security standards. We wanted to let you know that we detected activity suggesting that information related to your account may have been accessed in a way that did not align with our internal policies,' the company said in a customer email reviewed by Bloomberg. 'The information did not involve your password, seed phrase, or any other information that would have allowed someone to directly access your account or your funds.' In the email, Coinbase recommended that customers ensure they're 'regularly monitoring your account, using a strong and unique password.' Less than 1% of the exchange's monthly transacting users were affected, Coinbase said Thursday. In addition to ramping up security controls for those affected, Coinbase said it would reimburse in full anyone who lost money. Instead of paying the ransom, the exchange is offering a $20 million bounty to anyone with information leading to the attackers' arrest and conviction. Hacks have long plagued the crypto industry, thanks to its heavy reliance on user anonymity and complex digital software. Around $2.2 billion was lost to such incidents in 2024, according to researcher Chainalysis. Operating under the threat of attack has been particularly painful for crypto exchanges, which are often major targets and face high ongoing costs to maintain tight security. This type of so-called social engineering attack — in which criminals use people to gain unauthorized access to data, rather than exploiting flaws in computer code — is a type of threat has become increasingly popular in crypto, resulting in recent major incidents like the $1.5 billion hack of crypto exchange Bybit in February. With a price tag of $400 million to cover the cost of repaying users, among other charges, the incident ranks as the eighth biggest hack crypto hack ever, according to Elliptic data. 'Unfortunately as our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures,' said Nick Jones, founder and CEO at crypto technology platform Zumo. 'This is understandably a huge blow for a company that has had a pivotal few weeks.' Meanwhile, the New York Times reported that the Securities and Exchange Commission has been investigating whether Coinbase misstated its user numbers in past disclosures as part of an inquiry that began during the Biden administration. 'This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public,' Paul Grewal, Coinbase's chief legal officer, said in a statement. 'While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.' --With assistance from Muyao Shen and Olga Kharif. Cartoon Network's Last Gasp DeepSeek's 'Tech Madman' Founder Is Threatening US Dominance in AI Race As Nuclear Power Makes a Comeback, South Korea Emerges a Winner Why Obesity Drugs Are Getting Cheaper — and Also More Expensive Tariffs Won't Reindustrialize America. Here's What Will ©2025 Bloomberg L.P. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
