American cryptocurrency exchange Coinbase disclosed a major data breach on May 15 that cost the company up to $400 million and affected more than 69,000 customers. Known to be its biggest security failure to date, the incident occurred after hackers bribed customer service workers in India to leak sensitive data, according to a report by Fortune.
The report revealed that a loose network of young English-speaking hackers was partially responsible for the scam. Business process outsourcing units (BPOs) also played a role as a weak link in the company's security operations.
Was TaskUs targeted by hackers?
Hackers targeted employees of TaskUs, a US-based customer support company that has handled support for Coinbase since 2017. With a significant presence in India, TaskUs laid off 226 Indian staff in Indore, weeks after the security breach was reported.
The company paid salaries in the range of $500-$700 per month.
Because of low salaries, some employees in India were convinced to transfer confidential customer records for bribes. Coinbase stated it had severed relationships with those individuals and other foreign agents implicated.
“Obviously that’s the weakest point in the chain, because there is an economic reason for them to accept the bribe,” Sergio Garcia, founder of the crypto investigations company Tracelon, told Fortune.
Impersonation of Coinbase staff
The hackers impersonated Coinbase staff to convince customers to give up their crypto assets, as the stolen information alone was not enough to get into the company's crypto vaults. This led to huge financial losses. The crypto company has not revealed the exact number of users who have lost money. However, it plans to reimburse the affected customers.
Legal challenge for TaskUs
A class action lawsuit has been lodged on behalf of Coinbase customers in New York against TaskUs, alleging negligence. The company maintains that all the accusations lack merit and says it is improving security protocols. TaskUs claimed that two agents were involved in a wider plot targeting several service providers associated with Coinbase.
Who is responsible for the security breach?
“The Comm” or “Community,” a loosely connected group of young English-speaking cybercriminals who use Telegram and Discord to communicate, is believed to be responsible for the security breach. The group is “often motivated by attention seeking or the thrill of mischief,” the report states. Its members also compete with one another to see who can steal more.
“They come from video games, and then they bring their high scores into the real world,” Josh Cooper-Duckett, director of investigations at Cryptoforensic Investigators, told Fortune. “And their high score in this world is how much money they steal,” he added.