The US Department of Justice has initiated an investigation into an incident related to the data leak of users from the cryptocurrency exchange Coinbase. According to Bloomberg, the criminal division of the department in Washington is handling this case. It is important to note that Coinbase itself is not the subject of the investigation.
This is reported by Business • Media
According to representatives of the exchange, the breach was made possible by bribing support agents who work on contract in India. The perpetrators gained access to user data, including KYC information, addresses, and phone numbers. Following this, the company received a letter demanding $20 million for non-disclosure of the information, to which Coinbase responded with a refusal. Instead, it decided to create a $20 million fund to reward those who help apprehend the criminals.
Financial Consequences and Regulatory Response
Coinbase reported the incident to the US Department of Justice, the FBI, and other specialized agencies. The company’s Chief Legal Officer, Paul Grewal, emphasized that the exchange supports criminal cases against those responsible, noting that the firm is not under investigation. He also commented on Twitter:
“We have notified the authorities about the incident. We are not the subject of an investigation regarding this incident. Just a reminder, if the facts matter”
.
Representatives of the Department of Justice are currently refraining from official comments. The incident has raised concerns among European regulators, particularly in the UK and Ireland, where data protection agencies have begun their own assessment of the situation. Experts believe that this undermines trust in remote support systems relied upon by major platforms.
Litigation and Financial Losses
According to information from Coinbase, the data collection lasted several months before the receipt of the threatening letter. The company took action and terminated the employees involved in the leak. Potential financial losses are estimated at $400 million. The perpetrators used social engineering methods, bypassing technical security measures, which allowed them to attack clients without hacking the platform’s code.
As a result of the incident, two lawsuits have been filed against Coinbase, accusing the company of negligence and concealing information from clients. Additionally, it has been reported that an artist from Los Angeles lost over $2 million due to the data leak on the platform.