mafriese 1 day ago

> The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities

Based on the information present in the breach, I think it's likely that the source was their customer support in the Philippines. Monthly salary is usually < $1000/month (entry-level probably even less than $500) and a $5000 bribe could be more than a year's worth of money, tax-free. Considering the money you can make with that dataset now, this is just a small investment.

> • Name, address, phone, and email;
> • Masked Social Security (last 4 digits only);
> • Masked bank-account numbers and some bank account identifiers;
> • Government-ID images (e.g., driver's license, passport);
> • Account data (balance snapshots and transaction history); and
> • Limited corporate data (including documents, training material, and communications available to support agents).

This is every threat actor's dream. Even if you only had email addresses and account balances, this is a nightmare. Instead of blackmailing the company, you can now blackmail each individual user. "Send me 50% of your BTC and I won't publish all of your information on the internet". My guess is that we will have a situation similar to what we had with the Vastaamo data breach...

https://en.wikipedia.org/wiki/Vastaamo_data_breach

3
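
The insider pattern quoted above (support staff using their own legitimate access to harvest records) is usually caught, if at all, from the support console's audit trail rather than from perimeter controls. What follows is an added example, not Coinbase's tooling and not code from anyone in the thread: it runs two simple detections over a constructed audit log and flags an agent whose distinct-customer lookups dwarf the peer median for the day, or whose lookups mostly happen with no ticket open. The line format, the agent and customer names, the idea of a linked ticket ID and the thresholds are all assumptions.

```python
"""Bulk-lookup detection over a support-console audit log.

Example code added for illustration; the log format, names and thresholds
below are assumptions, not anything from the breach notice or the thread.
"""
from collections import defaultdict
from statistics import median

# Constructed sample log (not real data). One event per line:
# <timestamp> <agent> <action> <customer_id> <ticket_id or "-" if no ticket open>
SAMPLE_LOG = "\n".join(
    [
        "2025-05-01T09:02:11Z agent_a view_customer cust_1001 tkt_501",
        "2025-05-01T09:15:40Z agent_a view_customer cust_1002 tkt_502",
        "2025-05-01T09:40:02Z agent_a view_customer cust_1003 tkt_503",
        "2025-05-01T10:05:00Z agent_c view_customer cust_3001 tkt_701",
        "2025-05-01T10:20:00Z agent_c view_customer cust_3002 tkt_702",
        "2025-05-01T10:33:00Z agent_c view_customer cust_3003 tkt_703",
        "2025-05-01T10:51:00Z agent_c view_customer cust_3004 tkt_704",
        "2025-05-01T09:00:05Z agent_b view_customer cust_2001 tkt_601",
        "2025-05-01T09:00:30Z agent_b view_customer cust_2002 tkt_602",
    ]
    # agent_b then pages through 18 more accounts, seconds apart, with no ticket open.
    + [f"2025-05-01T09:01:{i:02d}Z agent_b view_customer cust_{2003 + i} -" for i in range(18)]
)


def parse_log(text):
    """Parse the assumed whitespace-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, agent, action, customer, ticket = line.split()
        events.append({
            "day": ts[:10],          # bucket per calendar day (UTC)
            "agent": agent,
            "action": action,
            "customer": customer,
            "ticket": None if ticket == "-" else ticket,
        })
    return events


def per_agent_day_stats(events):
    """Distinct customers viewed, total views and ticketless views per (agent, day)."""
    stats = defaultdict(lambda: {"customers": set(), "views": 0, "ticketless": 0})
    for e in events:
        if e["action"] != "view_customer":
            continue
        s = stats[(e["agent"], e["day"])]
        s["customers"].add(e["customer"])
        s["views"] += 1
        if e["ticket"] is None:
            s["ticketless"] += 1
    return stats


def detect_bulk_access(events, min_views=10, peer_multiplier=3.0, ticketless_ratio=0.5):
    """Return {(agent, day): [reasons]} for agents whose lookup volume is out of line.

    Two independent signals:
      1. distinct customers viewed >= peer_multiplier * median of all agents that day
      2. more than ticketless_ratio of the agent's views had no ticket attached
    Both require at least min_views so a quiet day does not trip on tiny numbers.
    """
    stats = per_agent_day_stats(events)
    by_day = defaultdict(list)
    for (_agent, day), s in stats.items():
        by_day[day].append(len(s["customers"]))

    findings = {}
    for (agent, day), s in stats.items():
        distinct = len(s["customers"])
        peer_median = median(by_day[day])
        reasons = []
        if distinct >= min_views and distinct >= peer_multiplier * peer_median:
            reasons.append(f"{distinct} distinct customers vs peer median {peer_median:g}")
        if s["views"] >= min_views and s["ticketless"] / s["views"] > ticketless_ratio:
            reasons.append(f"{s['ticketless']}/{s['views']} lookups with no open ticket")
        if reasons:
            findings[(agent, day)] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in sorted(detect_bulk_access(parse_log(SAMPLE_LOG)).items()):
        print(key, "->", "; ".join(reasons))
```

The peer-median comparison is deliberately relative rather than a fixed count, because a fixed threshold tuned for one queue is either noisy or blind for another; with very few agents on shift the median is itself skewed by the offender, so in practice the baseline should come from a longer window than a single day.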
lm28469 1 day ago

> • Name, address, phone, and email;

> blackmail each individual user

Blackmail would be the least of my worries; in France we have had at least five kidnappings/attempted kidnappings related to crypto investors since the beginning of the year.

iamacyborg 1 day ago

And more than one finger sent in the post.

bambax 1 day ago

Yes, that's true, but it's weird that they only focus on crypto investors' families. There are many rich people in France, what's the deal with cryptobros?

em500 1 day ago

Crypto is advertised as providing irreversible transfers, and having ownership of assets solely established by ownership of keys. It shouldn't be surprising that such features would attract criminals.

mafriese 1 day ago

You can easily establish the connection from a bank account to a person. A connection from a crypto wallet to a person is extremely difficult. Money laundering with crypto is also much easier (and cheaper usually).

smeej 1 day ago

In the vast majority of cases, it's actually extremely easy. It took less than an afternoon for me to learn how to trace 90%+ of transactions on either BTC or any of the networks built on Ethereum or an Ethereum-like protocol. There are large companies that specialize in exactly this, which make tools that allow government agents who have no particular crypto expertise to trace the majority of transactions.

It is possible to make your transactions extremely difficult to trace, but you really, really, REALLY have to know what you're doing.

Law enforcement loves that people think it's easy and cheap to launder money with crypto, though. It's made it vastly easier for them to catch those people!
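
To make concrete what "tracing" means in the comment above, here is an added example (not the commercial tooling smeej refers to, and not code from anyone in the thread) of two building blocks such tools rely on: the common-input-ownership heuristic, which clusters addresses that are spent together in one transaction as belonging to one owner, and a forward walk over spends until a labelled address such as an exchange deposit is reached. The transactions, address names and the exchange label are constructed for the example. A comment in the code notes the case where the heuristic breaks (CoinJoin-style transactions), which is what the tumblers and chain hopping mentioned later in the thread exploit.

```python
"""Two basic chain-analysis primitives on a constructed UTXO-style ledger.

Added example; the transactions, addresses and the exchange label are made up.
"""
from collections import defaultdict, deque

# Constructed ledger (not real chain data). Amounts are illustrative.
TXS = [
    {"txid": "t1", "inputs": ["victim_1"],
     "outputs": [("thief_a", 9.0), ("victim_1_change", 1.0)]},          # the theft
    {"txid": "t2", "inputs": ["thief_a", "thief_b"],
     "outputs": [("thief_c", 11.5)]},                                   # co-spend
    {"txid": "t3", "inputs": ["thief_c"],
     "outputs": [("exch_dep_77", 11.0), ("thief_d", 0.4)]},             # cash-out
    {"txid": "t4", "inputs": ["unrelated_x"],
     "outputs": [("unrelated_y", 2.0)]},                                # noise
]
# Assumed attribution data, as a chain-analysis vendor would maintain it.
LABELS = {"exch_dep_77": "deposit address at a KYC exchange (assumed label)"}


class UnionFind:
    """Minimal disjoint-set structure for clustering addresses."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_common_inputs(txs):
    """Common-input-ownership heuristic.

    Every input of a transaction must have been signed by its key holder, so all
    inputs of one transaction are assumed to share an owner. This assumption is
    exactly what CoinJoin-style mixing breaks: many parties contribute inputs to
    one transaction, and the heuristic would wrongly merge them into one cluster.
    Returns {address: frozenset(addresses in its cluster)} for every input address.
    """
    uf = UnionFind()
    for tx in txs:
        first = tx["inputs"][0]
        uf.find(first)
        for addr in tx["inputs"][1:]:
            uf.union(first, addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return {addr: frozenset(members) for members in groups.values() for addr in members}


def trace_forward(txs, start, max_hops=5):
    """Breadth-first walk from an address along spends. Returns {address: hops}."""
    spends = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for tx in spends[addr]:
            for out_addr, _amount in tx["outputs"]:
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    queue.append(out_addr)
    return hops


def find_cashout_points(txs, start, labels, max_hops=5):
    """Labelled addresses reachable from `start`, with the hop count at which they appear."""
    reached = trace_forward(txs, start, max_hops)
    return {a: (h, labels[a]) for a, h in reached.items() if a in labels}


if __name__ == "__main__":
    clusters = cluster_common_inputs(TXS)
    print("cluster of thief_a:", sorted(clusters["thief_a"]))
    print("cash-out points from thief_a:", find_cashout_points(TXS, "thief_a", LABELS))
```

Real tooling layers more on top (change-output heuristics, peel-chain detection, exchange and mixer attribution bought or scraped), but the investigative loop is the same: cluster, walk forward, stop at something a subpoena can be served on. A privacy coin or a non-cooperating venue breaks the last step, not the first two.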

mafriese 1 day ago

I never doubted that it's possible, but it's way harder than identifying bank accounts. There is a massive business behind crypto tracking; that's why companies like MasterCard have acquired CipherTrace. Some years ago there was a really good article / case study from them. I think it was related to a ransomware gang and they were able to identify the threat actor's wallets through crypto tumblers and chain hopping. It's just a matter of how much money and time you are willing to invest into finding out, and not a matter of possibility.

hylaride 23 hours ago

You can trace the BTC or Ethereum transactions of coins, but you cannot trace the criminals after it's converted to Monero or some other "privacy" chain on an exchange run on the dark web. After that you're just tracing other owners, possibly ones who have no idea that it was stolen. It literally takes a few hours to wash it all out.

csomar 23 hours ago

It’s harder but not totally impossible with the traditional banking system. https://en.m.wikipedia.org/wiki/Bangladesh_Bank_robbery

paranoidrobot 1 day ago

Because it's easier to move crypto than physical cash.

svara 1 day ago

Guessing their profits are regularly illegal or untaxed, so they're less likely to involve the police.

cmcaleer 1 day ago

Seems unlikely given who has been targeted. I doubt the Ledger or Paymium guys have been evading tax on crypto given that they're publicly involved in it and likely would be scrutinised more than the average person by tax authorities.

rglullis 1 day ago

It's easier and faster to send the money without having to go to the bank.

stringsandchars 1 day ago

This may seem callous, but isn't a large point of crypto that you are 'free' from the shackles imposed by the State?

And I guess that includes protection from criminals by the oppressive forces of the State (aka the police). In which case being kidnapped and having your fingers sent to your family is an integral part of your 'freedom'.

machtiani-chat 1 day ago

Crypto isn’t synonymous with anarchy, just like the internet isn’t synonymous with pornography. Both are cliches from long ago.

All of the victims are likely taxpayers. Law and order is a fundamental service that a legitimate state must provide to all in its jurisdiction, even those who are only resident non-citizens and those that pay little to no taxes in a progressive tax system.

stringsandchars 1 day ago

> Crypto isn’t synonymous with anarchy, just like the internet isn’t synonymous with pornography. Both are cliches from long ago.

Saying crypto isn’t synonymous with anarchy, like the internet isn’t with pornography, sidesteps the point. Pornography is just one use of the internet — not its central purpose.

But crypto wasn’t just built to host financial activity — it was designed to restructure it, removing reliance on central authorities. That core intent isn’t a cliché; it’s a defining feature.

Comparing it to incidental internet content is a rhetorical deflection, not a real counterpoint.

mjburgess 1 day ago

That's not what it was designed for, that's just a mixture of propaganda and confusion.

It was designed to solve the double-spending problem with digital currencies, replacing the need for "an authoritative ledger" with one that is difficult to forge.

The political project around this was to provide people with a deflationary currency akin to gold, whose inflation could not be controlled by government.

The lack of government control over the inflation of this particular currency, and the lack of an authoritative ledger, are an extremely minimal sense of currency protections (freedoms). They have as much to do with anarchy as the internet had with porn.

philipwhiuk 22 hours ago

It was designed to avoid the need for existing financial institutions. The double-spend problem was merely the blocker that prevented people from otherwise doing it.

> A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.

mjburgess 16 hours ago

That's not anarchy though, that's PayPal c. 2000

csomar 1 day ago

Most (developed states at least) don’t claim the monetary system as a taxation medium. Debasement of currency is a bug not a feature. In the US, you are not required to process your transaction in USD but only need it to pay taxes.

Failed countries (i.e. Turkey) rely on the financial system for taxation. Functioning countries shouldn't care or be bothered by it.

zmgsabst 1 day ago

Your point is merely a non sequitur: a change in banking isn’t related to paying taxes or the state as a whole, nor anarchy.

You're not supporting your central thesis that disintermediating finance is in any way related to removing government, and people using Coinbase, a service that is centralized and does collaborate with government regulation, seems to directly counter your stereotype of the customers.

Their point is correct: people who match your fantasy wouldn’t be Coinbase customers — you’re relying on old tropes.

snodnipper 1 day ago

It seems that law-abiding citizens often bear the greatest risk by declaring their assets to tax authorities and relying on so-called "trusted custodians" for savings. Ironically, for many, the safest course of action is likely non-disclosure, though this is, of course, illegal in much of the world.

anonzzzies 1 day ago

I only have to declare crypto held < 1 year, which means that, while it's technically illegal to buy 1 second after the new tax year starts and not declare it, in practice, obviously, no-one cares about that. Especially as crypto is not a 1 second buy; it can take hours.

cmcaleer 1 day ago

This may be surprising, but I actually don't think opting for a payment method with less consumer protection (that I pay capital gains tax on if I dispose of it for a profit) is me ceding my right to be protected by the police. You're right that it does seem extremely callous and is honestly a disturbing mindset to have. Hopefully you never in your life experience terror like what the victims in France experienced over the last few months.

stringsandchars 1 day ago

> You're right that it does seem extremely callous and is honestly a disturbing mindset to have. Hopefully you never in your life experience terror like what the victims in France experienced over the last few months.

Thanks for the tone-policing. But instead of implicitly suggesting that my mindset or tone is inappropriate, it would be great if we discussed the substance of the points.

cmcaleer 23 hours ago

> it would be great if we discussed the substance of the points.

Sure, just read the sentence from my response that you skipped over.

To be clear: I didn't implicitly suggest that your mindset of people who use crypto somehow ceding their right to protection from the state was inappropriate, I stated outright that it was a disturbing and callous mindset.

It's like suggesting that people who protest against police brutality shouldn't get protection from the police in emergency situations, or believing that people who are racist to healthcare workers should lose all right to healthcare. It's the type of mindset held by those who care more about retribution against those who hold different views than about a just society.

arandomusername 21 hours ago

You can argue that once you are 'free' to own guns, defend yourself, and seek revenge. The state limits your ability to protect yourself, so it has to assume that responsibility.

csomar 1 day ago

The people in France probably paid their taxes. So no, your premise is wrong in that the state will help vs. in a crypto no-tax world. Actually the crypto paradise du jour hasn't had any kidnappings so far and you don't have to pay taxes either.

OsrsNeedsf2P 1 day ago

> isn't a large point of crypto that you are 'free' from the shackles imposed by the State?

That's what people say, but it's probably not true given everyone leaves their coins on exchanges.

lm28469 1 day ago

The state takes a flat 30% tax on capital gains regardless of the source, I'd say they paid their fair share

maeln 1 day ago

Depends on if they cashed out and how they did it. There was a big trend for a while to go live in Portugal for a while, enough to be considered a tax resident there, and then cash out there because (at the time, idk if it's still true), they had no (or little) tax on crypto cash out.

orwin 1 day ago

Yeah, I know two French people who did it (one of them avoided UK taxes as he was paid in crypto while working in the UK; for the other it's muddier). I know three people in the space, and only those two were on the financial side, so to me, while blockchain is still a legit tech, anybody using cryptocurrency I peg as a tax evader.

csomar 1 day ago

Good thing we have courts, lawyers and judges for that. It's funny everyone here hates on Trump but as soon as something aligns with their view, they want a de facto no-due-process application.

orwin 17 hours ago

Sorry if I implied anything, I must have missed part of the conversation; I was just confirming that it did happen (taking Portuguese residency to avoid crypto tax) a few years ago. In my opinion, police should protect even violent criminals from violence when possible, so of course I'm not advocating for anything to happen to tax "avoiders", and they should be protected. I was just stating that I know people in the crypto space, and if you are in it, I immediately peg you as a small-time sociopath from my past experience.

Also I don't care about them getting judged for tax evasion, I know they won't be and honestly, good for them. I also don't care for nonviolent thieves and think the same thing about them. Profiteering was not how I was raised, but I understand different people have different standards (and parents; luckily mine are great, it's not the case for everybody). People do what they need to do, I find some comportment sociopathic, but as long as it is nonviolent, I'm not mad.

smeej 1 day ago

Which state are you talking about? The 0% tax bracket for long-term capital gains in the U.S. for 2024 for single filers was $47,024, never mind the standard deduction. Then it goes up to 15%, then 20%.

avrionov 1 day ago

It's way worse. US companies pay $3-$6 per hour to outsource their support to the Philippines. The companies which provide the service have a very high turnover rate. For some companies the employees stay on average about 6 months. There is absolutely no reason to be loyal.

wslh 1 day ago

Beyond the Philippines' low wages, the point is that there is a price for "everybody"; if it were in the US it would be a much higher price, and most probably paying for higher attack benefits.