{"id":12786,"date":"2025-06-06T17:43:44","date_gmt":"2025-06-06T12:13:44","guid":{"rendered":"https:\/\/threatcop.com\/blog\/?p=12786"},"modified":"2025-06-18T18:40:18","modified_gmt":"2025-06-18T13:10:18","slug":"coinbases-20m-phishing-attack","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/","title":{"rendered":"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Coinbase is the world\u2019s 3rd largest crypto exchange. The company recently faced a phishing attack. Some external actors bribed overseas customer support agents to gain internal system access. They demanded $20 million in Bitcoin not to leak the data, which was a small subset of users. As per Coinbase, it was less than 1% of active users. But how does it happen, and why should you rethink your <a href=\"https:\/\/threatcop.com\/blog\/insider-threats\/\">insider security<\/a>?<\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#So_What_Actually_Happened\" >So, What Actually Happened?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#Why_Did_This_Attack_Hurt_Coinbase\" >Why Did This Attack Hurt Coinbase?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#Why_Should_You_Rethink\" >Why Should You Rethink?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#What_Can_You_Do_to_Avoid_Being_in_Such_a_Position\" >What Can You Do to Avoid Being in Such a Position?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#Final_Thoughts\" >Final Thoughts<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Let\u2019s discuss this in detail.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"So_What_Actually_Happened\"><\/span><span style=\"color: #000000;\"><b>So, What Actually Happened?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Recently, Coinbase revealed that they faced a serious phishing attack, but it was not some usual \u201cclick this link\u201d scam. They worked their way in through people, bribing customer support staff to hand over access to internal systems.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">This kind of <a href=\"https:\/\/threatcop.com\/blog\/types-of-social-engineering-attacks\/\">social engineering<\/a> is tough to defend against because it relies on trust and human error. Brian Armstrong, Coinbase\u2019s CEO, said the attackers had been approaching support agents for months, trying to \u201cbribe\u201d them for info. These insiders leaked limited user account data to the attackers.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">After stealing the data, the hackers tried to extort Coinbase for $20 million in Bitcoin, threatening to leak the breach publicly. However, Coinbase refused to pay. The positive part was that stolen data didn\u2019t include passwords, private keys, or crypto funds. So, the most sensitive information stayed safe.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Still, this incident led to huge damage and fallout.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Did_This_Attack_Hurt_Coinbase\"><\/span><span style=\"color: #000000;\"><b>Why Did This Attack Hurt Coinbase?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Coinbase didn\u2019t pay ransom to the attacker, but they need to pay the much bigger amount, $400 million. This amount will go to users who fell for phishing scams. As per the SEC 8-K filing, they are expected to pay between $180 million and <a href=\"https:\/\/www.livemint.com\/market\/cryptocurrency\/400-million-coinbase-scam-what-role-did-this-indian-call-centre-play-in-the-companys-biggest-ever-fraud-11748748227742.html\" target=\"_blank\" rel=\"noreferrer noopener\">$400 million<\/a>.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">However, this amount will be spent on:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">Reimbursing affected users<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Improving internal systems<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Beefing up security to make sure this doesn\u2019t happen again<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">After this breach, Coinbase has taken big steps, and they are relocating some of their customer support operations to limit access to sensitive systems. They\u2019re also tightening internal data controls and reevaluating who can access what.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Brian Armstrong even posted on X that \u201cThis has been in the works for months; the scammers were approaching agents, offering bribes, and trying to weasel their way in. It\u2019s unsettling. But it\u2019s also a wake-up call.\u201d<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Should_You_Rethink\"><\/span><span style=\"color: #000000;\"><b>Why Should You Rethink?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">This phishing attack is not just about Coinbase, but it is on the rise across industries. In the last few years, many companies have been facing constant cybersecurity threats. Social engineering scam is at the top of all.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Breaching technology has become harder for attackers and is time-consuming also. They trick your employees into breaching the firewall. Hackers impersonate CEOs, vendors, and trusted contacts to steal data or extort money.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">For instance, they can send an email to your employees that includes a phishing link, but it has been disguised as a Google Doc. When someone clicks on the link, hackers break your firewall very easily.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Can_You_Do_to_Avoid_Being_in_Such_a_Position\"><\/span><span style=\"color: #000000;\"><b>What Can You Do to Avoid Being in Such a Position?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">First, you need to find out whether your team spotted a phishing scam if it came disguised as a \u201ctrusted\u201d request. Do they know how to react if someone inside your company tries to sell sensitive information?<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If you\u2019re not sure, now\u2019s the time to act. Start with:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400; color: #000000;\">Running regular phishing simulation training.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Creating strict monitoring and controls on who can access sensitive data.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Encourage your team to speak up. Even the smallest red flag can stop a major breach.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400; color: #000000;\">Create a culture where reporting suspicious activity isn\u2019t just accepted; it\u2019s expected.<\/span><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">One of the best ways to stay prepared is to run employee awareness assessments that mimic real phishing attacks. Platforms like Threatcop\u2019s TSAT (<a href=\"https:\/\/threatcop.com\/threatcop-security-awareness-training\">Threatcop Security Awareness Training<\/a>) help identify who\u2019s most vulnerable and offer personalized training based on real performance.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">This isn\u2019t about scaring your team.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">It\u2019s about preparing them. Safely. Practically.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">After all, preventing insider threats isn\u2019t just a technology issue. It\u2019s a people issue.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Thoughts\"><\/span><span style=\"color: #000000;\"><b>Final Thoughts<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Coinbase\u2019s phishing attack isn\u2019t an isolated event. It\u2019s a sign of what\u2019s becoming the norm. Attackers are smart, persistent, and human-focused. They know technology is hardened, so they go after people instead.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">You don\u2019t just need better firewalls\u2014you need better awareness.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><i><span style=\"font-weight: 400;\">So ask yourself:<\/span><\/i><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Is your team ready for the next phishing attempt?<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">If you\u2019re not sure, it\u2019s time to find out before someone else does.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Coinbase is the world\u2019s 3rd largest crypto exchange. The company recently faced a phishing attack. Some external actors bribed overseas customer support agents to gain internal system access. They demanded $20 million in Bitcoin not to leak the data, which was a small subset of users. As per Coinbase, it was less than 1% of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12787,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[284],"tags":[393],"class_list":["post-12786","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-digest","tag-coinbases-20m-phishing-attack"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?\" \/>\n<meta property=\"og:description\" content=\"Coinbase is the world\u2019s 3rd largest crypto exchange. The company recently faced a phishing attack. Some external actors bribed overseas customer support agents to gain internal system access. They demanded $20 million in Bitcoin not to leak the data, which was a small subset of users. As per Coinbase, it was less than 1% of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-06T12:13:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-18T13:10:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/06\/unnamed-9.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?\",\"datePublished\":\"2025-06-06T12:13:44+00:00\",\"dateModified\":\"2025-06-18T13:10:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/\"},\"wordCount\":749,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/unnamed-9.jpg\",\"keywords\":[\"Coinbase\u2019s $20M Phishing Attack\"],\"articleSection\":[\"News and Digest\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/\",\"name\":\"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/unnamed-9.jpg\",\"datePublished\":\"2025-06-06T12:13:44+00:00\",\"dateModified\":\"2025-06-18T13:10:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/unnamed-9.jpg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/unnamed-9.jpg\",\"width\":1280,\"height\":720,\"caption\":\"Coinbase\u2019s $20M Phishing Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/coinbases-20m-phishing-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/","og_locale":"en_US","og_type":"article","og_title":"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?","og_description":"Coinbase is the world\u2019s 3rd largest crypto exchange. The company recently faced a phishing attack. Some external actors bribed overseas customer support agents to gain internal system access. They demanded $20 million in Bitcoin not to leak the data, which was a small subset of users. As per Coinbase, it was less than 1% of [&hellip;]","og_url":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2025-06-06T12:13:44+00:00","article_modified_time":"2025-06-18T13:10:18+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/06\/unnamed-9.jpg","type":"image\/jpeg"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?","datePublished":"2025-06-06T12:13:44+00:00","dateModified":"2025-06-18T13:10:18+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/"},"wordCount":749,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/06\/unnamed-9.jpg","keywords":["Coinbase\u2019s $20M Phishing Attack"],"articleSection":["News and Digest"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/","url":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/","name":"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/06\/unnamed-9.jpg","datePublished":"2025-06-06T12:13:44+00:00","dateModified":"2025-06-18T13:10:18+00:00","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/06\/unnamed-9.jpg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2025\/06\/unnamed-9.jpg","width":1280,"height":720,"caption":"Coinbase\u2019s $20M Phishing Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/coinbases-20m-phishing-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Coinbase\u2019s $20M Phishing Attack: Why Should You Rethink Insider Security?"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=12786"}],"version-history":[{"count":1,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12786\/revisions"}],"predecessor-version":[{"id":12788,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/12786\/revisions\/12788"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/12787"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=12786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=12786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=12786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}