(Credit: Gabby Jones/Bloomberg via Getty Images)
Cryptocurrency exchange Coinbase has suffered another breach involving a contractor who may have helped cybercriminals target certain user accounts.
"Last year our security team detected that a single Coinbase contractor improperly accessed customer information, impacting a very small number of users (approximately 30)," Coinbase told BleepingComputer, which reports the incident took place in December.
A hacking gang called “Scattered LAPSUS$ Hunters” was spotted posting and then deleting screenshots in a Telegram chat that suggested the group had inside access to the cryptocurrency platform. One of the screenshots appeared to show the user's total cryptocurrency balance of $300,000, along with tabs to view their ID verifications and payment methods. BleepingComputer also notes the screenshots showed a support panel with access to customer information, including email address, date of birth, and phone number.
The screenshots indicate that the Coinbase contractor was supplying user information to a hacker, likely to hijack their accounts and steal their cryptocurrency. It’s unclear if Scattered LAPSUS$ Hunters was behind the scheme or simply received the screenshots from other cybercriminals. But in the Telegram chat, the gang suggests it posted the screenshot by accident.
Coinbase says it has since fired the contractor, notified affected users, and reported the incident to relevant regulators. Still, the breach occurred months after the cryptocurrency platform faced an ever-wider hack, also involving cybercriminals bribing Coinbase customer support agents for details on over 69,000 user accounts.
The breach was later traced to contractors in India at a company called TaskUs, who were allegedly bribed to take screenshots of user account information. TaskUs reportedly dismissed around 300 employees involved in the scheme. At the time, Coinbase said it was also bolstering its security around customer support, but it doesn't look like it was enough to prevent a repeat.