On May 15, Coinbase revealed that criminals had stolen personal data from tens of thousands of customers, an incident that could cost the company up to $400 million. The breach is notable not only for its scale, but for the way the hackers went about it: bribing customer support agents abroad to share confidential customer records.
Coinbase has responded by publicly announcing that it put a $20 million bounty on those who stole the data, and who sought to extort the company in exchange for not disclosing the incident. But it has shared few details about who carried out the attack or how the hackers so successfully targeted its agents.
A recent investigation by Fortune, including a review of emails between Coinbase and one of the hackers, revealed new details about the incident that strongly suggest a loose network of young English-speaking hackers is partially responsible. Meanwhile, the findings also highlight the role of so-called BPOs, or business process outsourcing units, as a weak link in the security of technology companies.
Internal
The story begins with a small but publicly traded company in New Braunfels, Texas, called TaskUs. Like other BPOs, it provides customer service for large technology companies at low cost by employing staff abroad. In January, TaskUs laid off 226 employees who worked for Coinbase from its service center in Indore, India, according to a company spokesperson.
Since 2017, according to a filing with the Securities and Exchange Commission, TaskUs has provided customer service staff to Coinbase, an arrangement that yields large savings in labor costs. But there is a catch, of course: when customers email to inquire about their accounts or about something new at Coinbase, they are likely to be speaking to a TaskUs employee abroad. Because these agents earn low wages compared to workers in the United States, they have proven vulnerable to bribes.
“Early this year, we identified two people who illegally accessed information from one of our customers,” a TaskUs spokesperson told Fortune, referring to Coinbase. “We believe that these two people were recruited through a broader coordinated criminal campaign against this customer, which also affected a number of other service providers who serve this customer.”
The TaskUs layoffs in January came less than a month after Coinbase discovered the theft of customer data, according to a regulatory filing from the company. On Tuesday, a federal class action lawsuit filed in New York on behalf of Coinbase customers alleged that TaskUs was negligent in protecting customer data. “Although we cannot comment on litigation, we believe that these allegations are without merit and intend to defend ourselves,” said TaskUs. “We place a top priority on protecting the data of our clients and customers and continue to enhance global security protocols and training programs.”
A person familiar with the security incident, who asked not to be identified in order to speak candidly, said that the hackers also targeted other BPOs, in some cases successfully, and that the nature of the stolen data varied with each incident.
This stolen data was not enough for the hackers to break into Coinbase's crypto. But it provided a wealth of information to help criminals pose as fake Coinbase agents, who contacted customers and convinced them to hand over their crypto funds. The company says that the hackers stole the data of more than 69,000 customers, but it did not say how many of those were victims of so-called social engineering scams.
The social engineering scams in this case involved criminals who used the stolen data to impersonate Coinbase and persuade victims to transfer their crypto funds.
“As we have already disclosed, we recently discovered that a threat actor had solicited overseas agents to capture customer account information dating back to December 2024. We notified those affected and regulators, cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.”
Coinbase also stated that the $400 million figure it gave publicly as the total cost of the breach is at the upper end of its estimates, and that its low-end figure is $180 million.
While social engineering scams built around impersonating company representatives are hardly new, the scale at which hackers appear to be targeting BPOs is new. Although no one has definitively identified the perpetrators, a number of clues point strongly to a loosely affiliated group of young English-speaking hackers.
“They come from video games”
In the days after Coinbase disclosed the breach in mid-May, Fortune exchanged messages on Telegram with an individual called “PuPy Party”, who claims to be a hacker.
Two other security researchers who spoke with the anonymous hacker told Fortune they found the individual credible. One of them said: “Based on what he shared with me, I took his remarks seriously and I could not find evidence that his statements were wrong.” Both researchers asked not to be identified because they feared receiving subpoenas for speaking with the alleged hacker.
In the exchanges, the individual shared many screenshots of what they said were email messages with Coinbase's security team. The name they used to communicate with the company was “Linard Schroeder”. They also shared screenshots of a Coinbase account belonging to a former executive of the company, which showed crypto transactions and extensive personal details.
Coinbase did not deny the authenticity of the screenshots.
Email messages shared by the alleged hacker include an extortion threat demanding $20 million in Bitcoin, which Coinbase refused to pay, and mocking comments about the hacking group using some of the proceeds to buy hair for Brian Armstrong, the company's CEO. “We are ready to take care of the hair transplant, so that he can gently cross the world with a new set of hair,” the hackers wrote.
In the Telegram messages, the person, whose existence Fortune learned of from a security researcher, expressed contempt for Coinbase.
Many crypto heists are carried out by Russian criminal gangs or the North Korean military, but the alleged hacker says that the job was pulled off by a loose affiliation of teenagers and twenty-somethings called “the Comm” or “the Com”, short for “the Community”.
Over the past two years, the Comm has surfaced in media reports about other hacking incidents, including a New York Times story earlier this month in which one of the alleged perpetrators of a series of crypto thefts identified himself as a member of the group. In 2023, hackers whom investigators identified as part of the Comm targeted the online operations of a number of Las Vegas casinos and tried to extort MGM Resorts for $30 million, according to the Wall Street Journal.
Unlike Russian and North Korean hackers, who are usually only after money, Comm members are often also driven by a desire for attention or the thrill of causing harm. They sometimes cooperate on hacking attacks, but they also compete with each other to see who can steal more.
“They come from video games, and then bring high scores to the real world,” said Josh Cooper-Duckett, director of investigations at Cryptoforensic Investigators. “And their high score in this world is the amount of money they steal.”
In the Telegram messages, the alleged hacker said that Comm members specialize in different parts of a theft. The hacker's team bribed the customer support agents and collected the customer data, which they gave to others outside their group who are skilled at social engineering scams. They added that different Comm groups coordinate on social platforms such as Telegram and Discord on how to carry out different parts of the operation and agree to split the proceeds.
Sergio Garcia, founder of the crypto investigations company Tracelon, told Fortune that the Coinbase hacker's description mirrors his own observations of how the Comm and other crypto social engineering scams operate. The person familiar with the security incidents said that those who targeted customers in the recent social engineering scams spoke North American English.
TaskUs workers in India are paid between $500 and $700 per month, according to a source familiar with the BPO's workers. TaskUs declined to comment. Although this is more than India's gross domestic product per capita, Garcia told Fortune that customer support agents' wages are low.
He added: “It is clear that this is the weakest point in the chain, because there is an economic reason for accepting bribery.”
This story originally appeared on Fortune.com