Posts

Coinbase Faces Up to $400M Loss from Cyberattack, SEC Scrutiny Adds Further Pressure

Coinbase (COIN.O) warned it could incur a loss of $180 million to $400 million from a cyberattack that breached the account data of a “small subset” of customers, the company disclosed in a regulatory filing on Thursday. The breach comes at a critical time for the crypto exchange, just days before it is set to join the S&P 500 index.

Breach Details:

  • Coinbase received a ransom email on May 11 from a threat actor claiming to have internal documents and customer data.

  • While login credentials and passwords were not compromised, attackers obtained names, email addresses, and physical addresses.

  • Hackers tricked some users into sending funds, and Coinbase pledged to reimburse those affected.

  • The breach reportedly involved foreign contractors and support staff, several of whom have since been terminated.

Coinbase has refused a $20 million ransom demand and instead offered a $20 million reward for information on the attackers. The company said it’s cooperating with law enforcement and plans to open a new U.S.-based support hub to boost security.

SEC Investigation:

  • In a separate issue, the U.S. Securities and Exchange Commission (SEC) is investigating whether Coinbase misstated its user figures in past reports.

  • The SEC is specifically reviewing the company’s “verified user” metric, which Coinbase stopped reporting 2.5 years ago.

  • There is speculation that the probe could relate to know-your-customer (KYC) compliance, though Coinbase denies any such inquiry is ongoing.

“This is a hold-over investigation from the prior administration,” said Paul Grewal, Coinbase’s Chief Legal Officer.
“We strongly believe this investigation should not continue.”

The SEC declined to comment on the status of the probe.

Market Impact and Industry Implications:

  • Coinbase shares fell 6.5% following news of the breach and investigation.

  • The incident casts a shadow over its upcoming inclusion in the S&P 500, which had been seen as a milestone for mainstream crypto legitimacy.

  • The breach also adds to industry-wide concerns, following the $1.5 billion Bybit hack in February, part of an estimated $2.2 billion in stolen crypto assets in 2024, according to Chainalysis.

“The cyberattack may push the industry to adopt stricter employee vetting and introduce reputational risks,” said Bo Pei, analyst at U.S. Tiger Securities.

Coinbase is now also facing a lawsuit in New York alleging it failed to secure personal data of millions of users.

As the crypto industry matures, the growing scale of attacks and regulatory scrutiny continue to challenge the sector’s trust, security, and investor confidence.

Star Health Hacker Claims Responsibility for Death Threats and Bullet Packages Sent to Executives

The hacker known as “xenZen”, who last year leaked sensitive data from Star Health and Allied Insurance Company—India’s largest health insurer—has claimed responsibility for sending death threats and bullet cartridges to the company’s top executives, according to a March 31 email obtained by Reuters.

In a chilling escalation, xenZen said the threats were a direct reprisal for the insurer’s alleged denial of medical claims to customers. The packages, reportedly sent in February to Star Health’s headquarters in Chennai, Tamil Nadu, were addressed to CEO Anand Roy and CFO Nilesh Kambli. Inside, a note warned:

“next one will go in ur and ur peoples head. tik tik tik.”

Reuters reviewed photographs included in the hacker’s email that appear to show the threatening packages. While the news agency has not independently verified the hacker’s identity or the full accuracy of the information provided, three Indian police sources confirmed that a criminal investigation is underway. According to one source, a man in the neighboring state of Telangana has been arrested for allegedly facilitating the delivery of the packages.

Star Health declined to comment in detail, citing an “ongoing, highly sensitive criminal investigation.” CFO Kambli directed inquiries to the company’s PR team, and CEO Roy did not respond to calls for comment.

The case adds to growing concerns over executive security in the healthcare industry, especially after the murder of UnitedHealthcare CEO Brian Thompson in December — an incident that reportedly inspired xenZen’s threats.

Last year, the hacker leaked what they claimed was 7.24 terabytes of personal data related to over 31 million customers, including medical reports and insurance details. Star Health confirmed the data breach, which followed a ransom demand of $68,000. The company has since launched legal action against xenZen and Telegram, which was used to distribute the stolen data via chatbots. Those bots have since been removed.

In the latest email, xenZen claimed the threats followed requests from disgruntled customers who alleged their valid claims had been denied despite having coverage. Star Health has not responded to these specific allegations.

As the case unfolds, the incident raises urgent questions about data security, corporate accountability, and the physical safety of executives in an era where cyberattacks increasingly blur into real-world consequences.

Ransomware Gang Lockbit Reportedly Hacked in Embarrassing Leak

In an ironic twist, Lockbit — one of the world’s most notorious ransomware gangs — appears to have fallen victim to a cyberattack of its own, according to security analysts and a rogue message posted on one of the group’s darkweb sites.

On Wednesday, Lockbit’s site was replaced with a taunting message that read:

Don’t do crime. CRIME IS BAD xoxo from Prague

The site also included a link to what appears to be a leaked cache of internal data, potentially containing chats between Lockbit members and their victims.

While Reuters has not independently verified the data, multiple cybersecurity experts have assessed the leak and confirmed its authenticity.

“It’s legit,” said Jon DiMaggio, chief security strategist at Analyst1.
Christiaan Beek of Rapid7 noted the leak revealed Lockbit’s indiscriminate targeting — even aggressively pursuing small businesses for minor ransom payouts.
“They attack everyone,” he added.

Who hacked Lockbit remains unclear, and some of the group’s associated darkweb infrastructure is currently down, with placeholder messages stating sites will be “working soon.” However, the damage may already be done.

This is not the first time Lockbit has faced disruption. In 2023, U.K. and U.S. authorities, alongside international partners, seized parts of the gang’s infrastructure. At the time, Lockbit quickly resurfaced and defiantly declared,

“I cannot be stopped.”

But this latest incident appears more personal — and humiliating.

DiMaggio described the breach as a significant blow to the gang’s operations and credibility:

“I think it will hurt them and slow them down.”

Lockbit, once dubbed “the Walmart of ransomware” due to its prolific activity and reach, now faces a potentially destabilizing turn of events — and an unexpected reminder that even cybercriminals aren’t immune to being hacked.