
Chinese translation: Fortune China (財富中文網)
Translator: Liu Jinlong (劉進龍)
Proofreader: Wang Hao (汪皓)
On May 15, Coinbase revealed that criminals had stolen personal data from tens of thousands of customers—the biggest security incident in the company’s history, and one that is poised to cost it as much as $400 million. The breach is notable not only for its scale, but the way the hackers went about it: Bribing overseas customer support agents to share confidential customer records.
Coinbase has responded by publicly announcing it had put a $20 million bounty on those who stole the data, and who sought to blackmail the company so as not to reveal the incident. But it has shared few details about who carried out the attack or how the hackers were able to target its agents so successfully.
A recent investigation by Fortune, including a review of email messages between Coinbase and one of the hackers, has uncovered new details about the incident that strongly suggest a loose network of young English-speaking hackers are partly responsible. Meanwhile, the findings also highlight the role of so-called BPOs, or business process outsourcing units, as a weak link in tech firms’ security operations.
An inside job
The story starts with a small but publicly traded company based in New Braunfels, Texas, called TaskUs. Like other BPOs, it provides customer services to big tech at a low cost by employing staff overseas. In January, TaskUs laid off 226 staff members working for Coinbase from its service center in Indore, India, according to a company spokesperson.
Since 2017, according to a filing with the Securities and Exchange Commission, TaskUs has provided customer service personnel to Coinbase, an arrangement that reaps the U.S. crypto giant significant savings in labor costs. But there’s a catch, of course: When customers email to inquire about their accounts or a new Coinbase product, they’re likely talking to an overseas TaskUs employee. And because these agents earn low wages compared to workers in the U.S., they’ve proved susceptible to bribes.
“Early this year we identified two individuals who illegally accessed information from one of our clients,” a TaskUs spokesperson told Fortune, in reference to Coinbase. “We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.”
The TaskUs firings in January came less than a month after Coinbase discovered theft of customer data, according to a regulatory filing from the company. On Tuesday, a federal class action suit filed in New York on behalf of Coinbase customers accused TaskUs of negligence in protecting customer data. “While we cannot comment on litigation, we believe these claims are without merit and intend to defend ourselves,” a TaskUs spokesperson said. “We place the highest priority on safeguarding the data of our clients and their customers and continue to strengthen our global security protocols and training programs.”
A person familiar with the security incident, who asked not to be identified in order to speak candidly, said the hackers had also targeted other BPOs, in some cases successfully, and that the nature of the data stolen varied according to each incident.
This stolen data was not enough for the hackers to break into Coinbase’s crypto vaults. But it did provide a wealth of information to help criminals pose as fake Coinbase agents, who contacted customers and persuaded them to hand over their crypto funds. The company says the hackers stole the data of over 69,000 customers, but did not say how many of these had been victims of so-called social engineering scams.
The social engineering scams in this case involved criminals who used the stolen data to impersonate Coinbase employees and persuade victims to transfer their crypto funds.
“As we’ve already disclosed, we recently discovered that a threat actor had solicited overseas agents to capture customer account information dating back to December of 2024. We notified affected users and regulators, cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls,” said Coinbase in a statement, adding it is reimbursing customers who lost funds in the scams.
Coinbase also stated that the $400 million figure it has cited publicly as the overall cost of the breach is at the top end of its estimates, and that its low-end figure is $180 million.
While social engineering scams that revolve around impersonation of company representatives are hardly new, the scale at which hackers targeted BPOs does appear to be novel. And while no one has definitively identified the perpetrators, a number of clues point strongly to a loosely affiliated network of young English-speaking hackers.
‘They come from video games’
In the days following the disclosure of the Coinbase breach in mid-May, Fortune exchanged messages on Telegram with an individual who called himself “puffy party” and who claims to be one of the hackers.
Two other security researchers who spoke with the anonymous hacker told Fortune they found the individual to be credible. “Based on what he shared with me, I took his statements seriously and was unable to find evidence that his statements were false,” said one. Both researchers requested anonymity because they were afraid of receiving subpoenas for speaking with the purported hacker.
In the exchanges, the individual shared numerous screenshots of what they said were emails with Coinbase’s security team. The name they used to communicate with the company was “Lennard Schroeder.” They also shared screenshots of a Coinbase account belonging to a former executive of the company that displayed crypto transactions and extensive personal details.
Coinbase did not deny the authenticity of the screenshots.
The emails shared by the purported hacker include the blackmail threat for $20 million in Bitcoin, which Coinbase refused to pay, and mocking comments about how the hacking group would use some of the proceeds to purchase hair for Brian Armstrong, the company’s bald CEO. “We’re willing to sponsor a hair transplant so that he may graciously traverse the world with a fresh set of hair,” wrote the hackers.
In the Telegram messages, the person—whose existence Fortune learned of from a security researcher—expressed contempt for Coinbase.
Many crypto robberies are carried out by Russian criminal gangs or the North Korean military, but the alleged hacker says the job was pulled off by a loose affiliation of teenagers and 20-somethings alternatively called the “Comm” or “Com”—shorthand for the Community.
In the last two years, reports of the Comm have bubbled up in media reports about other hacking incidents, including a New York Times story earlier this month in which one of the alleged perpetrators of a series of crypto thefts identified himself as a member of the group. And in 2023, hackers, whom investigators identified as part of the Comm, targeted the online operations of a handful of Las Vegas casinos and tried to extort MGM Resorts for $30 million, according to the Wall Street Journal.
Unlike the Russian and North Korean crypto hackers, who are typically seeking only money, members of the Comm are often motivated by attention seeking or the thrill of mischief as well. They sometimes collaborate on hacking attacks but also compete with each other to see who can steal more.
“They come from video games, and then they bring their high scores into the real world,” said Josh Cooper-Duckett, director of investigations at Cryptoforensic Investigators. “And their high score in this world is how much money they steal.”
In the Telegram messages, the purported hacker said that members of the Comm specialize in different parts of a heist. The hacker’s team bribed the customer support agents and gathered the customer data, which they gave to others outside of their group who are well-versed in carrying out social engineering scams. They added that different Comm-affiliated groups coordinated on social platforms like Telegram and Discord about how to carry out different portions of the operation and agreed to split the proceeds.
Sergio Garcia, founder of the crypto investigations company Tracelon, told Fortune that the hacker’s description of the Coinbase exploit mirrors his observations of how the Comm operates and other crypto social engineering scams. The person familiar with the security incidents said those who targeted customers in recent social engineering scams spoke in unaccented North American English.
TaskUs workers in India are paid between $500 and $700 per month, according to a source familiar with the BPO workers’ wages. TaskUs declined to comment. Even though that amounts to more than India’s gross domestic product per person, the low wages of customer support agents often make them more susceptible to bribes, Garcia told Fortune.
“Obviously that’s the weakest point in the chain, because there is an economic reason for them to accept the bribe,” he added.