Given this prominent example, experts stress that security leaders should step up their educating and red-teaming of in-house and outsourced staff on the bribery threat. Moreover, cybersecurity professionals should be prepared for additional threat actor ploys to entice workers as old-school infiltration techniques, such as phishing attacks, become less effective.
Details of the Coinbase breach
Starting in December 2024, the threat actors targeted Coinbase’s customer support agents working at business process outsourcing (BPO) company TaskUS, in Indore, India. They reportedly offered workers bribes of up to $2,500 per person to copy data in their customer support tools.
The stolen data came from 1%, or around 70,000, of Coinbase’s monthly transacting users, and included a range of personally identifiable information, such as contact information and Social Security numbers, account data, and masked bank account information, but not login credentials, private keys, or access to accounts and crypto wallets.
