Comment by mafriese
7 months ago
> The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities
Based on the information present in the breach, I think it's likely that the source was their customer support in the Philippines. Monthly salary is usually < 1000$/month (entry-level probably even less than 500$) and a 5000$ bribe could be more than a year's worth of money, tax-free. Considering the money you can make with that dataset now, this is just a small investment.
> •Name, address, phone, and email; •Masked Social Security (last 4 digits only); •Masked bank-account numbers and some bank account identifiers; •Government‑ID images (e.g., driver’s license, passport); •Account data (balance snapshots and transaction history); and •Limited corporate data (including documents, training material, and communications available to support agents).
This is every threat actor's dream. Even if you only had email addresses and account balances, this is a nightmare. Instead of blackmailing the company, you can now blackmail each individual user. "Send me 50% of your BTC and I won't publish all of your information on the internet". My guess is that we will have a similar situation like we had with the Vastaamo data breach...
> •Name, address, phone, and email;

> blackmail each individual user
Blackmail would be the least of my worries, in France we had at least five kidnappings/attempted kidnappings related to crypto investors since the beginning of the year.
And more than one finger sent in the post.
Yes that's true but it's weird they only focus on crypto investors' families? There are many rich people in France, what's the deal with cryptobros?
Crypto is advertised as providing irreversible transfers, and having ownership of assets solely established by ownership of keys. It shouldn't be surprising that such features would attract criminals.
You can easily establish the connection from a bank account to a person. A connection from a crypto wallet to a person is extremely difficult. Money laundering with crypto is also much easier (and cheaper usually).
Because it's easier to move crypto than physical cash.
Guessing their profits are regularly illegal or untaxed, so they're less likely to involve the police.
It's easier and faster to send the money without having to go to the bank.
This may seem callous, but isn't a large point of crypto that you are 'free' from the shackles imposed by the State?
And I guess that includes protection from criminals by the oppressive forces of the State (aka the police). In which case being kidnapped and having your fingers sent to your family is an integral part of your 'freedom'.
Crypto isn’t synonymous with anarchy, just like the internet isn’t synonymous with pornography. Both are cliches from long ago.
All of the victims are likely tax payers. Law and order is a fundamental service that a legitimate state must provide to all in its jurisdiction, even those who are only resident non-citizens and those that pay little to no taxes in a progressive tax system.
It seems that law-abiding citizens often bear the greatest risk by declaring their assets to tax authorities and relying on so-called "trusted custodians" for savings. Ironically, for many, the safest course of action is likely non-disclosure, though this is, of course, illegal in much of the world.
This may be surprising, but I actually don't think opting for a payment method with fewer consumer protections (that I pay cap gains tax on if I dispose of it for a profit) is me ceding my right to be protected by the police. You're right that it does seem extremely callous and is honestly a disturbing mindset to have. Hopefully you never experience terror like the victims of the last few months in France experienced in your life.
You can argue that once you are 'free' to own guns, defend yourself, and seek revenge. The state limits your ability to protect yourself, so it has to assume that responsibility.
The persons in France probably paid their taxes. So no, your premise is wrong in that the state will help vs. in a crypto no-tax world. Actually the du jour crypto paradise didn’t have any kidnappings so far and you don’t have to pay taxes either.
> isn't a large point of crypto that you are 'free' from the shackles imposed by the State?
That's what people say, but it's probably not true given everyone leaves their coins on exchanges.
It's simply about separating money and state. It's imperative that this happens.
The state takes a flat 30% tax on capital gains regardless of the source, I'd say they paid their fair share.
It's way worse. US companies pay $3-$6 per hour to outsource their support to the Philippines. The companies which provide the service have a very high turnover rate. For some companies the employees stay on average about 6 months. There is absolutely no reason to be loyal.
We are getting zero government regulations on AI, no punishment for data breaches, and no human protections against wide-scale abuse. The opposite is happening.
I expect to see America in chaos from these disruptions in the very near future.
Beyond the Philippines' low wages, the point is that there is a price for "everybody"; if it were in the US it would be a much higher price, and most probably paying for higher attack benefits.