Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
US cryptocurrency exchange Coinbase was targeted by hackers who stole customer data and demanded $20mn to prevent its public disclosure, the company said on Thursday.
The group, which is set to become the first crypto exchange to join the S&P 500 on May 19, said the cyber demands were made on Sunday.
The California-based group has promised to pay a $20mn reward — the amount demanded — for information leading to the arrest and conviction of those responsible.
The company’s shares closed down 7.2 per cent in New York. They had soared by a quarter on Tuesday after the announcement of its inclusion in the US blue-chip stock index.
“Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto. They then tried to extort Coinbase for $20mn to cover this up. We said no,” the group said in a statement on its website.
Cyber criminals have frequently launched attacks on the cryptocurrency industry, searching for weaknesses in poorly written code as well as targeting executives in the sector.
This year hackers stole about $1.5bn in crypto tokens from Bybit, in a heist the digital asset exchange described as the biggest theft to hit the industry.
Chainalysis, the blockchain data group, estimated that hacks on crypto exchanges climbed 21 per cent last year to more than $2.2bn, with most of the activity centred on the Asia-Pacific region. Hackers linked to the North Korean government stole $1.3bn of that total, it found.
Coinbase said criminals had “bribed and recruited” support agents working outside the US to steal its customer data. Staff involved in the scandal had been fired immediately.
The stolen data accounted for a “small subset” of customers, it added, and included partial social security, bank account details, account data and identity images, such as passports and driving licences. However, they did not secure passwords, keys or funds from accounts.
Coinbase said it would reimburse customers who were tricked into sending funds to the attackers, which could be in the range of $180mn to $400mn.
The industry has undergone a revival since US President Donald Trump’s election victory. Bitcoin has climbed by a third in the past month to more than $100,000, its highest level since January.
Dovile Silenskyte, director of digital assets research at WisdomTree, described Coinbase’s inclusion in the S&P 500 as “more than symbolic” because it would help push some of the trillions of dollars in funds that track the benchmark into the stock.
“Crypto is no longer a volatile sideshow. It is being hard-wired into the financial system’s core architecture,” she said.
Separately on Thursday, the company said it was co-operating with the Securities and Exchange Commission over a long-running investigation into the company’s use of a metric for customer growth in its securities filings, including its listing in 2021. Its statement followed a report on the topic from The New York Times.
“This is a holdover investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public,” said Paul Grewal, the group’s chief legal officer.
He said the company had fully disclosed the metric and why it was discontinuing its use in 2023. “While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.”
Trump promised to end the SEC’s hardline stance against the crypto industry. and since his inauguration in January the regulator has closed or settled more than a dozen cases against some of the biggest names. Among them included a lawsuit against Coinbase for allegedly violating securities laws.
Read the full article here
