Today in crypto, the US Department of Justice added another 12 people to their list of defendants suspected of being involved in a major US crypto racketeering ring. Coinbase reportedly refused to pay a $20 million ransom after insiders leaked user data in a phishing scheme, and the company has since fired the group of contracted customer support agents allegedly involved in the attacks.

DOJ charges 12 more gamer-turned $263M Bitcoin robbers

Another 12 people have been charged for their involvement in a $263 million crypto crime spree that stole 4,100 Bitcoin from a Genesis creditor last August, along with a string of break-ins and money laundering. 

The 12 new names, included in a superseding indictment, add to charges originally brought against the main defendant in the case, Malone Lam, on Sept. 19, 2024, the Department of Justice noted in a May 15 statement.

Jeandiel Serrano was named a defendant in the initial indictment but was not included in the superseding one.

The DOJ said several defendants have been arrested, while two others are believed to be living in Dubai.


Many of the suspects, with aliases like “Goth Ferrari” and “The Accountant,” come from California, mostly aged between 18 and 22.

The group allegedly began operating in October 2023, evolving from friendships formed while playing online games into what the DOJ describes as a “cyber-enabled racketeering conspiracy.”

Coinbase fires compromised agents in India — Report

Coinbase has reportedly fired a group of customer support agents following their alleged involvement in social engineering attacks on users. The contracted agents were based in India.

According to a May 15 Fortune interview, Coinbase's chief security officer, Philip Martin, said the company flagged customer support contractors who allowed scammers access to user data, suggesting they could be Indian nationals. The CSO’s comments came after some crypto users reeled from attempted phishing attacks using their Coinbase data, which the exchange estimated could cost it between $180 million and $400 million in remediation and reimbursement.

Qiao Wang, a core contributor to Alliance DAO, said in a May 15 X post that he may have been a victim of one of these attacks. He said a scammer notified him his Coinbase account had been compromised, asked him to verify his personal information, to which the criminals likely had access through the compromised agents, and requested he withdraw all his funds to a “Coinbase self-custodial wallet.”

“I called them out at the end of the call telling them they need to step up their game [...],” said Wang on X. “They told me that they had made $7m that day.”

Coinbase faces $400 million bill after insider phishing attack

Coinbase, the world’s third-largest cryptocurrency exchange, was hit by a $20 million extortion attempt after cybercriminals recruited overseas support agents to leak user data, the company said.

According to a May 15 blog post, Coinbase said a group of external actors bribed and coordinated with several customer support contractors to access internal systems and steal limited user account data.

“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase said, adding that no passwords, private keys, funds or Coinbase Prime accounts were affected.

Less than 1% of Coinbase’s monthly transacting users’ data was affected by the attack, the company said.


After stealing the data, the attackers attempted to extort $20 million worth of Bitcoin from Coinbase in exchange for not disclosing the breach. Coinbase refused the demand.

Coinbase said it will reimburse users who were tricked into sending cryptocurrency to phishing scammers, with expected remediation and reimbursement expenses ranging from $180 million to $400 million.

The crypto exchange disclosed the estimate in an 8-K filing with the US Securities and Exchange Commission on May 15, noting the expenses relate to “voluntary customer reimbursements” and other remediation efforts.