Cyber Incident Victim: Coinbase Global, Inc.
Date: Jul 2020
Location: United States of America
Summary
A cryptocurrency exchange mitigated significant financial losses during a high-profile social media platform breach where attackers hijacked verified accounts to promote a Bitcoin doubling scam. The exchange blocked over 1,100 customer transactions totaling $280,000 intended for the fraudulent wallet after its own account was compromised, though 14 users transferred $3,000 before interventions. Multiple other digital asset platforms implemented similar payment blocks, but this exchange's larger user base resulted in the highest prevented losses. The incident highlighted how centralized cryptocurrency services can disrupt scams despite the decentralized nature of blockchain transactions.
Description
On July 15, 2020, attackers compromised Twitter’s internal systems through a social engineering campaign targeting employees with access to administrative tools. This breach enabled unauthorized control over 130 high-profile accounts, including those of politicians, celebrities, and corporations such as Joe Biden, Elon Musk, Apple, and Coinbase itself. The attackers used these accounts to post fraudulent tweets directing followers to send Bitcoin to a specified wallet address, promising to double any transfers. Twitter confirmed the incident stemmed from compromised employee credentials and internal system access. Coinbase’s Twitter account, with 1.1 million followers, was among those hijacked, amplifying the scam’s potential reach to cryptocurrency investors.

Coinbase detected and blocked transactions to the attackers’ Bitcoin wallet, preventing 1,100 customers from sending approximately $280,000 in cryptocurrency. Only 14 Coinbase users successfully transferred funds, totaling $3,000 in losses. Other exchanges, including Gemini, Kraken, and Binance, implemented similar blocks, though Coinbase’s larger user base resulted in the highest volume of intercepted payments. The broader Twitter scam netted attackers around $100,000 from non-Coinbase users. Twitter’s disclosure emphasized the attackers’ focus on account takeover rather than data exfiltration. The incident highlighted the role of centralized cryptocurrency platforms in mitigating fraud through transaction monitoring and wallet blacklisting, contrasting with perceptions of cryptocurrency as inherently unregulated.
