Comment by panarky
11 hours ago
If you had any significant assets on Coinbase at any time prior to this breach, spear phishing is the least of your worries.
Coinbase not only leaked your full name and address, they also gave up your balances, your transaction history, and images of your government identification.
People with "significant" crypto balances are being assaulted on the street and in their own homes, and family members are being kidnapped for ransom.
"Significant" in this case can be $10k or less.
Until now, your best defense was secrecy. Never talk about crypto in public in any way that could be traced to your real-world identity.
Thanks to Coinbase that defense is now gone.
The bad guys can see who has ever had a significant balance on Coinbase (even if they don't right now), whether that balance was sold for cash and how much, or if you've ever transferred tokens off the exchange to a self-custody wallet.
Now the bad guys know who's worth kidnapping for ransom and where you live. For most people, a Google search of your name and home address turns up the names of family members who would also be lucrative targets for kidnapping and threats of violence.
Coinbase will never be forced to reimburse all the damage they've done because the true cost would bankrupt the company.
Florida teens kidnap Las Vegas man, drive him to Arizona desert, steal $4M in cryptocurrency
https://www.yahoo.com/news/florida-teens-kidnap-las-vegas-20...
"They Stole a Quarter-Billion in Crypto and Got Caught Within a Month. How luxury cars, $500,000 bar tabs and a mysterious kidnapping attempt helped investigators unravel the heist of a lifetime." https://www.nytimes.com/2025/04/24/magazine/crybercrime-cryp... (gift article)
And this crypto CEO in Toronto was kidnapped for a $1M ransom: https://www.cbc.ca/news/canada/toronto/kidnapping-toronto-bu...
The parent post was someone literally hosting a crypto conference, and this one was someone who runs a crypto company. A sibling story describes the father of a 'cryptocurrency influencer.' Is there any evidence of real crime happening which was targeted at Coinbase leak data, or is this just vibes?
Seems to be a whole thing in France too: https://www.theguardian.com/world/2025/may/04/french-police-....
Why is this such an issue with crypto?
Wealth status is often very well known for public figures and entrepreneurs. People are driving around in $200k cars.
Is it due to the liquidity of cryptocurrencies that $5 wrench attacks work better?
It happens with cash sometimes but people are limited to the amount they can get out of an ATM where with crypto you can force someone to hand over all their wealth with a few keystrokes.
> will never be forced to reimburse all the damage they've done because the true cost would bankrupt the company
This story keeps repeating. Maybe we should try it and see if it works as a deterrent.
It's worked before; Arthur Andersen ceased to exist after the Enron accounting scandal.
So you’re saying that one year of complimentary credit monitoring by Experian isn’t enough??? /s
Companies should seriously consider implementing GDPR even in the US, it certainly made taking data dumps of customer data a lot harder and certainly private images like Government IDs were encrypted on disk. I’m surprised at the lack of security if I’m honest, at Yahoo! almost nobody had access to prod user data.
Essentially you cannot trust Coinbase IMO, might move the few hundred dollars of BTC out of there :-)
> I'm surprised at the lack of security if I’m honest
This is the crypto industry, who make the discrepancy between Theranos' claims and practice look conservative.
But hey, at least by being forced to give crypto exchanges all our personal details we're all super protected from the four horsemen: money laundering, drugs, terrorism and pornography.
I think that the right lesson to learn here is not "I should store my money with a company I can't trust not to advertise where I live, but without telling them where I live".
No one is forced to use a "crypto exchange" in the first place.
or cryptocurrencies
They said less than 1% of users were affected.
probably the top 1%.
And yet, Coinbase goes scot-free
Someone, someone at that company should be going to prison for negligence
"decentralized currency"
Bitcoin is plenty decentralized. Coinbase deals with dollars, that's the non-decentralized part.
so, the part that makes bitcoin useful to 99% of the people is the non-decentralized part.
Sounds like an appendix.
Why do you see this as the fault of Coinbase? Do other companies somehow have employees that are immune to bribes and blackmail?
This is due to US Government KYC laws that forced Coinbase to associate government identification with all accounts. No crypto company required ID until they were forced to.
The US Government didn't provide high-volume, bulk access to this extremely sensitive information to contractors in foreign countries with no controls over their ability to mass-exfiltrate the data.
Coinbase is the entity that set up this dangerous system.
Coinbase did it because it was cheap for them, not because they were being trustworthy custodians of information that put their customers at risk.
Sure, yes, obviously every company's employees and contractors are vulnerable to bribes and blackmail. That's why a trustworthy, competent custodian would establish systems and controls to prevent bribed and blackmailed insiders from mass-exfiltrating information that could get their customers killed.
The fact that other companies manage to be trustworthy, competent custodians while Coinbase doesn't is not the fault of KYC.
Fair enough, and it does sound like they had limits given that not all customer data was exfiltrated but those limits were probably far too high at tens of thousands affected.
You don't think Coinbase is responsible for restricting access to member data for support agents?
There is no valid reason why Coinbase or any other financial services company should ever be excepted from AML/KYC laws. If anything the laws ought to be even tighter to slow down financial flows to criminals and sanctioned entities.
> People with "significant" crypto balances are being assaulted on the street and in their own homes, and family members are being kidnapped for ransom. "Significant" in this case can be $10k or less.
I wonder why, select a person completely at random and by median you'll get just as much from what they have sitting in their checking account. Select a nicer area for an order of magnitude more. That's not encouragement to go assault people in their homes or kidnap families... just confusion.
Yeah, but banks and the normie monetary system have a lot more safeguards in them when it comes to account transfers. Or at least, they appear to have them.
Crypto? It's wild, and people think it's wild.
I tried to use Coinbase a few months ago to pay for something, and I couldn't even make a transaction because it was deemed suspicious, and my account got locked or something.
of course, you need to point out that Crypto has ended up being indistinguishable from the banking system in all the important parts.
The distinguishing parts are things you don't want: easily corrupted, grifted, cheated and otherwise duped.
The median person does not have $10k sitting in a checking account that they can easily withdraw. My gut feeling is that the threat of kidnapping is a lot more serious in some countries. The US maybe not so much.
> The median person does not have $10k sitting in a checking account that they can easily withdraw.
That's true, finding someone with 10k is not as easy as picking a person at random, but it is as easy as driving to the right parking lot and picking a person at random.
Good point, perhaps the lower $ examples are about other countries where that may be a lot more than median transactional account holdings and maybe that concern is part of why folks were using crypto holdings.
The average American can't deal with a $1000 emergency.
Bank transactions are reversible, crypto transactions are not.
Also, people do point guns in people’s faces and force them to pay them via Venmo or Cashapp. Google ‘Venmo robbery’ or ‘cashapp robbery’ for plenty of examples. Pointing a gun in someone’s face for $4M in crypto is a lot more lucrative.