Coinbase revealed on Thursday that cybercriminals bribed overseas customer support contractors to steal sensitive customer data as part of a $20 million extortion scheme. While no funds or private keys were compromised, customer names, addresses, and ID documents were exposed for nearly 1% of the company’s 8+ million “monthly transacting users,” according to a blog post.

The story raises tough questions for the entire industry. Is KYC making users more vulnerable? Can human error ever be fully eliminated? And is crypto’s real security problem… people?

Security experts Jameson Lopp, James Wester and Alexander Leishman delve into:

What went wrong at Coinbase

Why human vulnerabilities are still crypto’s biggest risk

Whether KYC makes the problem worse

What companies should do next to protect their users

Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com

Thank you to our sponsors!

Focal by FalconX

Bitkey: Use code UNCHAINED for 20% off

Mantle

Guests

Jameson Lopp, Co-founder and CTO at CASA

James Wester, Research Director at Javelin

Alexander Leishman, CEO and CTO at River

Links

Coinbase’s blog post: Protecting Our Customers - Standing Up to Extortionists

Coinbase’s SEC filing

Commentary: 

Vance Spencer’s tweet

Armani Ferrante’s tweet

Timestamps:

🎙️ 0:00 Introduction and ads

🔓 2:30 How hackers tricked Coinbase’s offshore support and why humans remain security’s weakest link

🗂️ 6:49 What customer data was leaked and how hackers use it

🎯 13:14 How attackers prey on targets at weak moments

🌍 20:47 Should Coinbase move customer support back to the U.S.?

🛑 26:35 Why KYC protocols might be making users more vulnerable, not safer

🛡️ 28:48 The best defenses companies can implement to protect users

📰33:49 Weekly News Recap

Learn more about your ad choices. Visit megaphone.fm/adchoices