Coinbase Says Cybersecurity Incident Could Cost It $400 Million
Coinbase disclosed that the cybersecurity incident it reported Thursday (May 15) could cost it as much as $400 million.
The company’s investigation into the incident is still underway, so the full impact of the cyberattack is not yet known, Coinbase said in a filing with the Securities and Exchange Commission (SEC).
“Based on the information available to the Company on the date hereof and based on facts that continue to evolve, the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this Incident, prior to further review of potential losses, indemnification claims and potential recoveries, which could meaningfully increase or decrease this estimate,” the filing said.
When reporting the cyberattack Thursday, Coinbase said it would voluntarily reimburse users who were tricked into sending funds to the attacker, who used data stolen from the company to launch social engineering attacks against some of its customers.
The data breach happened when cybercriminals convinced “a small group” of company insiders to copy the data from its customer support tools for less than 1% of Coinbase’s monthly transacting users, Coinbase said in a Thursday blog post.
“Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto,” the company said in the post. “They then tried to extort Coinbase for $20 million to cover this up. We said no.”
Coinbase added that rather than paying the $20 million ransom, it is setting up a $20 million reward fund for information that leads to the arrest and conviction of the attackers.
Social engineering fraud has increased by 56% in the past year, according to the PYMNTS Intelligence report, “The State of Fraud and Financial Crime in the U.S. 2024: What FIs Need to Know.”
The report found that today’s fraudsters are using advanced social engineering scams to target consumers directly, leveraging fear, urgency and even fake customer service lines to dupe unsuspecting victims into handing over sensitive information.
Financial institutions need to take a proactive, holistic approach to security and scam protection at a time when social engineering scams and others are outpacing traditional fraud prevention measures, Entersekt CEO Schalk Nolte told PYMNTS in an interview posted Wednesday (May 14).
The post Coinbase Says Cybersecurity Incident Could Cost It $400 Million appeared first on PYMNTS.com.