#Tag · bonfire.cafe

Hacker News

@h4ckernews@mastodon.social · 2 months ago

I have recordings proving Coinbase knew about breach months before disclosure

https://jonathanclark.com/posts/coinbase-breach-timeline.html

#HackerNews #Coinbase #Breach #Disclosure #Breach #Timeline #Security #Concerns #Cryptocurrency

Alex Akselrod boosted

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com · 3 months ago

#Coinbase's "Base" #blockchain went down when #AWS failed.

#Base is pure decentralization theater. there is no decentralization, there's just a buzzword you can now throw out any time you don't want to comply with financial regulations.

#buildOnBase #crypto #decentralization #cryptocurrency #BrianArmstrong

Woman: Base is decentralized
Man: Be honest
Woman: Base is progressively decentralized
Man: be honest
woman: base runs on AWS
man: thank you — Woman: Base is decentralized Man: Be honest Woman: Base is progressively decentralized Man: be honest woman: base runs on AWS man: thank you

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com · 3 months ago

#Coinbase's "Base" #blockchain went down when #AWS failed.

#Base is pure decentralization theater. there is no decentralization, there's just a buzzword you can now throw out any time you don't want to comply with financial regulations.

#buildOnBase #crypto #decentralization #cryptocurrency #BrianArmstrong

Sebastian Lasse

@sl007@digitalcourage.social · 3 months ago

^ … and #Echo #Vidieo #Prime #Epic #FireTV #Atlassian #Bitbucket #Duolingo, #Roblox down too

[DE] https://www.heise.de/news/Amazon-Web-Services-Globale-Stoerung-10778963.html

Sebastian Lasse

@sl007@digitalcourage.social replied · 3 months ago

^ and #Ring #LloydsBank #HMRC #Halifax #Coinbase and a #government
down too

https://www.telegraph.co.uk/business/2025/10/20/ring-snapchat-amazon-and-more-go-down-in-blackout/

#awsdown #kritis

Access Restricted

The Japan Times

@thejapantimes@mastodon.social · 5 months ago

On a reclaimed island in Malaysia, crypto and tech entrepreneurs are building software, chomping down Australian ribeye — and getting schooled in a radical blueprint for creating new sovereign states from scratch. https://www.japantimes.co.jp/business/2025/09/01/tech/tech-utopia-malaysia-forest-city/?utm_medium=Social&utm_source=mastodon #business #tech #malaysia #southeastasia #cryptocurrencies #tech #bitcoin #coinbase

N-gated Hacker News

@ngate@mastodon.social · 5 months ago

🚀 BREAKING: The #Coinbase #CEO has discovered the secret to success—fire anyone who dares to question the almighty #AI 🤖. Apparently, if you’re not coding Skynet by lunch, you better update your LinkedIn. 🤦‍♂️ Because who cares about quality when you have buzzwords? #InnovationOrElse
https://techcrunch.com/2025/08/22/coinbase-ceo-explains-why-he-fired-engineers-who-didnt-try-ai-immediately/#Success #Buzzwords #Innovation #Disruption #HackerNews #ngated

mkb boosted

Emory

@emory@soc.kvet.ch · 6 months ago

my testing of Phone Assistants continues with #Mitra. I have Mitra calling all the scammers that texted me pretending to be #Coinbase and asking them if they need help and why they're impersonating Coinbase 😆

first two didn't answer, the others are still happening. i like that you can follow the call when someone picks up.

Emory

@emory@soc.kvet.ch · 6 months ago

first two didn't answer, the others are still happening. i like that you can follow the call when someone picks up.

David Gerard

@davidgerard@circumstances.run · 7 months ago

@cryptadamist and after the other custodians shat the bed

prime trust gambling the entrusted assets on terra-luna, *goodness me*

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com replied · 7 months ago

@davidgerard i actually have some faith that coinbase custody is better run than literally anyone else based on what i've seen on chain - for instance, unlike say a company like bybit, they don't store billions of dollars of crypto in one wallet and instead break everything into chunks of ~$20 million (at least for stablecoins; i assume other stuff is similar).

so i suspect that coinbase custody is set up in such a way that even if they lose one wally, the other wallets aren't immediately also compromised.

at the same time, with that much money on the line every gifted teenager in north korea is probably laser focused on hacking #coinbase...

David Gerard boosted

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com · 7 months ago

@davidgerard p.s. just to put some numbers on exactly how centralized the global bitcoin supply is in #coinbase, it looks like they are custodying 80% of the ETFs (~$113 bn) plus MSTR (~$50bn) and a couple others, and then also their customers.

taking into account lost bitcoins, they're probably custodying more than 10% of all the bitcoins in the world

@brian_armstrong Our institutional team is crushing it - two awesome stats from our QBR this week: 1) 8 of the top 10 publicly traded companies with BTC on their balance sheet use Coinbase Prime. 2) There's $140B of crypto in US ETFs, and 81% of that is stored with Coinbase. We’re tracking > 50 new ETF filings since the beginning of year. Thank you for your attention to this matter!

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com · 7 months ago

@davidgerard my guess is that they will fork the bitcoin chain to undo the hack

⚯ Michel de Cryptadamus ⚯

@cryptadamist@universeodon.com replied · 7 months ago

taking into account lost bitcoins, they're probably custodying more than 10% of all the bitcoins in the world

jbz

@jbz@indieweb.social · 8 months ago

Coinbase says its data breach affects at least 69,000 customers• @TechCrunch

｢ In a blog post, Coinbase said the hacker demanded $20 million in a ransom payment to delete the data, which Coinbase refused to pay. The company said the hacker bribed Coinbase customer support workers into accessing customers’ data over a period of several months ｣

https://techcrunch.com/2025/05/21/coinbase-says-its-data-breach-affects-at-least-69000-customers/

#coinbase #databreach #cybersecurity

Molly White

@molly0xfff@hachyderm.io · 8 months ago

A Coinbase data breach filing with the Maine Attorney General finally gives us some more detail than Coinbase’s vague “less than 1% of monthly transacting users”. 69,461 people were affected, and Coinbase says the data breach occurred on December 26, 2024.

https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/f61fae18-f669-499e-9a87-f4d323d281f8.html

It took them almost five months between the incident and the incident disclosure, although the company has since admitted it knew customer support agents were suspiciously accessing customer data as far back as January.

#coinbase #crypto #cryptocurrency

Data Breach Notifications
Entity Information
Type of Organization: Financial Services
Entity Name: Coinbase, Inc.
Street Address: 248 3rd Street #434
City: Oakland
State, or Country if outside the US: CA
Zip Code: 94607
Submitted By
Name: Michael Rubin
Title: Attorney
Firm name (if different than entity): Latham and Watkins LLP
Telephone Number: (415) 395-8154
Email Address: michael.rubin@lw.com
Relationship to entity whose information was compromised: Outside Counsel
Breach Information
Total number of persons affected (including residents): 69461
Total number of Maine residents affected: Approximately 217
If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
Date(s) Breach Occured: December 26, 2024
Date Breach Discovered: May 11, 2025
Description of the Breach:
Insider wrongdoing
Information Acquired - Name or other personal identifier in combination with:
Notification and Protection Services
Type of Notification: Written
Date(s) of consumer notification: May 30, 2025
Copy of notice to affected Maine residents: Appendix_A_-_Coinbase_Template_Individual_Notification_Letter.pdf
Date of any previous (within 12 months) breach notifications: 07/16/2024
Were identity theft protection services offered: Yes
If yes, please provide the duration, the provider of the service and a brief description of the service: We are offering all impacted — Data Breach Notifications Entity Information Type of Organization: Financial Services Entity Name: Coinbase, Inc. Street Address: 248 3rd Street #434 City: Oakland State, or Country if outside the US: CA Zip Code: 94607 Submitted By Name: Michael Rubin Title: Attorney Firm name (if different than entity): Latham and Watkins LLP Telephone Number: (415) 395-8154 Email Address: michael.rubin@lw.com Relationship to entity whose information was compromised: Outside Counsel Breach Information Total number of persons affected (including residents): 69461 Total number of Maine residents affected: Approximately 217 If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified: Date(s) Breach Occured: December 26, 2024 Date Breach Discovered: May 11, 2025 Description of the Breach: Insider wrongdoing Information Acquired - Name or other personal identifier in combination with: Notification and Protection Services Type of Notification: Written Date(s) of consumer notification: May 30, 2025 Copy of notice to affected Maine residents: Appendix_A_-_Coinbase_Template_Individual_Notification_Letter.pdf Date of any previous (within 12 months) breach notifications: 07/16/2024 Were identity theft protection services offered: Yes If yes, please provide the duration, the provider of the service and a brief description of the service: We are offering all impacted

Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches

Molly White

@molly0xfff@hachyderm.io replied · 8 months ago

SEC requires material cybersecurity incidents be disclosed within four business days; state laws often have a 30-day disclosure deadline. It’s not clear if customers outside the US were affected; if so, other disclosure laws may apply.

#coinbase #crypto #cryptocurrency

Molly White

@molly0xfff@hachyderm.io · 8 months ago

https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/f61fae18-f669-499e-9a87-f4d323d281f8.html

#coinbase #crypto #cryptocurrency

Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches

Molly White

@molly0xfff@hachyderm.io · 8 months ago

Coinbase has disclosed a substantial customer data breach, blaming it on “rogue overseas support agents”. This follows months of crypto security researchers warning about apparent security issues at the company.

According to Coinbase, the data thieves bribed members of Coinbase’s support team, which is based overseas and reportedly makes very little money. It seems Coinbase has been aware of a breach for several months, but only reported it on May 14.

At least five lawsuits have been filed about the breach in the days since, but a change to Coinbase’s customer agreement that went into effect on May 15 may make it more challenging for customers to obtain relief.

#cryptocurrency #crypto #coinbase

3 media

Coinbase
On May 12, Coinbase announced it will join the S&P 500 as its “first and only crypto company”.1a This is the latest change that may see more American investors inadvertently exposed to the cryptocurrency industry via index funds, following MicroStrategy’s entry into the NASDAQ-100 in December 2024 [I72].

Their joy was likely tempered when, only two days later on May 14, they had to announce a data breach that exposed customer data including names, addresses, phone numbers, email addresses, images of government ID documents, account balance and transaction data, and masked social security and bank account numbers. Although leaks like this typically lead to an uptick in phishing attempts, where scammers use the private information to contact customers and more convincingly impersonate Coinbase employees, the leak of account balance data and customer addresses is also particularly concerning given the recent spike in violent attacks and kidnappings targeting wealthy crypto holders.

Crypto security researchers have been warning for months about Coinbase’s evidently poor security practices and lack of attention to customer complaints, and describing hacks in which victims reported being scammed by attackers who seemed to have access to private Coinbase data [I76]. In February, zachxbt wrote: “Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. ... Coinbase is in a position where they have the power to make — Coinbase On May 12, Coinbase announced it will join the S&P 500 as its “first and only crypto company”.1a This is the latest change that may see more American investors inadvertently exposed to the cryptocurrency industry via index funds, following MicroStrategy’s entry into the NASDAQ-100 in December 2024 [I72]. Their joy was likely tempered when, only two days later on May 14, they had to announce a data breach that exposed customer data including names, addresses, phone numbers, email addresses, images of government ID documents, account balance and transaction data, and masked social security and bank account numbers. Although leaks like this typically lead to an uptick in phishing attempts, where scammers use the private information to contact customers and more convincingly impersonate Coinbase employees, the leak of account balance data and customer addresses is also particularly concerning given the recent spike in violent attacks and kidnappings targeting wealthy crypto holders. Crypto security researchers have been warning for months about Coinbase’s evidently poor security practices and lack of attention to customer complaints, and describing hacks in which victims reported being scammed by attackers who seemed to have access to private Coinbase data [I76]. In February, zachxbt wrote: “Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month. ... Coinbase is in a position where they have the power to make

According to Coinbase, the data thieves bribed some members of Coinbase’s poorly paid offshore customer support team, who they described as “rogue overseas support agents”, who are reportedly earning less than $5,000 annually.2 Coinbase’s cybersecurity disclosure filing with the SEC admitted that they had been grappling with this issue for months: “The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities. These instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months.”3 Bloomberg later reported that “the hackers did have near-constant access to some of Coinbase Global Inc.’s most valuable customer data since January”, citing an anonymous source familiar with the incident.4

At least five lawsuits have been filed against Coinbase since the breach disclosure.5 However, an incredibly conveniently timed update to Coinbase’s customer terms, announced on April 12 and applying to disputes filed after May 15, may make it more challenging for these cases to succeed. While Coinbase’s customer terms previously contained some text seeking to limit class action lawsuits and force customers into arbitration, the update made some key changes, most significantly aiming to force lawsuits to be filed in New York. The new version also expands clauses limiting collective litigation, mass arbitration, and sharing of information between separate parties involved in arbitration proceedings against Coinbase. It also aims to force any claims that do proceed in court rather than arbitration to go to a bench trial instead of a trial by jury, reduces thresholds triggering batch arbitration, and much more prominently highlights the “Class, Collective, Representative, and Mass Action Waiver and Jury Trial Waiver”.

Of the five lawsuits filed against Coinbase for the data breach thus far, all are class actions, none were filed before May 15, and two were filed outside of New York. — At least five lawsuits have been filed against Coinbase since the breach disclosure.5 However, an incredibly conveniently timed update to Coinbase’s customer terms, announced on April 12 and applying to disputes filed after May 15, may make it more challenging for these cases to succeed. While Coinbase’s customer terms previously contained some text seeking to limit class action lawsuits and force customers into arbitration, the update made some key changes, most significantly aiming to force lawsuits to be filed in New York. The new version also expands clauses limiting collective litigation, mass arbitration, and sharing of information between separate parties involved in arbitration proceedings against Coinbase. It also aims to force any claims that do proceed in court rather than arbitration to go to a bench trial instead of a trial by jury, reduces thresholds triggering batch arbitration, and much more prominently highlights the “Class, Collective, Representative, and Mass Action Waiver and Jury Trial Waiver”. Of the five lawsuits filed against Coinbase for the data breach thus far, all are class actions, none were filed before May 15, and two were filed outside of New York.

Molly White

@molly0xfff@hachyderm.io replied · 8 months ago

Coinbase CEO Brian Armstrong has characterized my reporting on the timing of the user agreement update as a “conspiracy theory”. He did not comment on the substantive new hurdles introduced by the change, nor a question about the long delay in disclosing the breach.

#cryptocurrency #crypto #coinbase

2 media

Coinbase CEO Brian Armstrong responded to my reporting on this timing to describe it as a “conspiracy theory”, claiming that customers were being notified before the user agreement change, and that the change merely “made the user terms consistent”.6

He did not immediately respond to a clarification that the change was much more substantial than he described, including the entirely new forum clause. He also did not respond to a question asking why it took Coinbase more than a month to disclose the breach to the SEC (per his admission; more, if Bloomberg’s reporting is accurate), when such disclosures are required within four business days of companies discovering material cybersecurity incidents.7 — Coinbase CEO Brian Armstrong responded to my reporting on this timing to describe it as a “conspiracy theory”, claiming that customers were being notified before the user agreement change, and that the change merely “made the user terms consistent”.6 He did not immediately respond to a clarification that the change was much more substantial than he described, including the entirely new forum clause. He also did not respond to a question asking why it took Coinbase more than a month to disclose the breach to the SEC (per his admission; more, if Bloomberg’s reporting is accurate), when such disclosures are required within four business days of companies discovering material cybersecurity incidents.7

Tweet by Brian Armstrong: We started notifying users about this on April 11th, so it had nothing to do with the data breach. You’re giving us far too much credit in your conspiracy theory. The class action waiver has always been in our arbitration agreement btw, so this change (amongst many others) just made the user terms consistent.
2:41 PM · May 20, 2025

Reply by Molly White: It did more than “make the user terms consistent” — the clause forcing litigation in New York is entirely new, for example.
Screenshot of text: "While Coinbase’s customer terms previously contained some text seeking to limit class action lawsuits and force customers into arbitration, the update made some key changes, most significantly aiming to force lawsuits to be filed in New York. The new version also expands clauses limiting collective litigation, mass arbitration, and sharing of information between separate parties involved in arbitration proceedings against Coinbase. It also aims to force any claims that do proceed in court rather than arbitration to go to a bench trial instead of a trial by jury, reduces thresholds triggering batch arbitration, and much more prominently highlights the 'Class, Collective, Representative, and Mass Action Waiver and Jury Trial Waiver'."

Reply by Molly White: And if you knew about the data breach as far back as at least April 11 (or much further, according to outside reporting from Bloomberg), why did it take you another month to disclose with the SEC? — Tweet by Brian Armstrong: We started notifying users about this on April 11th, so it had nothing to do with the data breach. You’re giving us far too much credit in your conspiracy theory. The class action waiver has always been in our arbitration agreement btw, so this change (amongst many others) just made the user terms consistent. 2:41 PM · May 20, 2025 Reply by Molly White: It did more than “make the user terms consistent” — the clause forcing litigation in New York is entirely new, for example. Screenshot of text: "While Coinbase’s customer terms previously contained some text seeking to limit class action lawsuits and force customers into arbitration, the update made some key changes, most significantly aiming to force lawsuits to be filed in New York. The new version also expands clauses limiting collective litigation, mass arbitration, and sharing of information between separate parties involved in arbitration proceedings against Coinbase. It also aims to force any claims that do proceed in court rather than arbitration to go to a bench trial instead of a trial by jury, reduces thresholds triggering batch arbitration, and much more prominently highlights the 'Class, Collective, Representative, and Mass Action Waiver and Jury Trial Waiver'." Reply by Molly White: And if you knew about the data breach as far back as at least April 11 (or much further, according to outside reporting from Bloomberg), why did it take you another month to disclose with the SEC?

Molly White

@molly0xfff@hachyderm.io · 8 months ago

#cryptocurrency #crypto #coinbase

3 media