Support Agents Allegedly Bribed, Millions Affected

In a lawsuit filed on May 16 in a New York federal court, plaintiff Paul Bender alleged that Coinbase failed to protect user data during a serious breach. The incident, which began on May 11, involved cybercriminals bribing support agents to gain access to internal systems.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The stolen data included names, addresses, phone numbers, emails, the last four digits of Social Security numbers, bank details, driver’s licenses, passports, and account data like balances and transaction history. The attackers reportedly demanded a $20 million ransom, which Coinbase refused to pay.

At Least Six Lawsuits Allege Negligence, Delayed Response

Between May 15 and 16, at least six lawsuits were filed against Coinbase. Plaintiffs allege the exchange failed to maintain proper security measures, delayed informing users, and offered no meaningful steps to mitigate harm.

One California-based lawsuit demands Coinbase delete all sensitive data and hire independent auditors to evaluate its systems. Another suit added a claim of unjust enrichment, arguing that Coinbase underinvested in data security to boost profits.

In a filing with the U.S. Securities and Exchange Commission (SEC), Coinbase estimated potential reimbursement costs to range between $180 million and $400 million. The company has pledged to compensate users who were tricked into sending crypto due to phishing scams linked to the data breach.

Following the news, Coinbase (COIN) shares initially dropped 7% to $244, but recovered with a 9% gain, closing at $266 on May 16.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Coinbase Faces Legal Firestorm After Massive Customer Data Breach appeared first on Coin Engineer.

Seed Phrase Trap: Social Engineering at Its Worst

Ed Suman, a 67-year-old former fabricator for top artists like Jeff Koons, spent decades in the art world before shifting his focus to cryptocurrency investing. Over time, he amassed 17.5 Bitcoin (BTC) and 225 Ethereum (ETH) — the core of his retirement portfolio — stored safely in a Trezor Model One hardware wallet.

But in March, he received a text message that appeared to be from Coinbase, alerting him to suspicious account activity. He replied, and shortly afterward, a man calling himself “Brett Miller from Coinbase security” called him.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The caller seemed legitimate, even referencing Suman’s use of a hardware wallet. Over the phone, he walked Suman through a supposed “security procedure,” which required him to enter his seed phrase into a site that perfectly mimicked Coinbase’s interface.

A second scam call came nine days later. After following the same process again, all of Suman’s crypto was gone.

Real Data Breach at Coinbase Raises Alarms

Coincidentally or not, Coinbase recently disclosed a data breach where attackers bribed Indian customer support contractors to access private user data — including names, account balances, and transaction histories.

Roughly 1% of monthly users were affected, including Sequoia Capital’s managing partner Roelof Botha. While no funds were confirmed stolen from him, the incident highlights growing concerns over third-party vulnerabilities.

Coinbase has since fired the compromised contractors and is planning to compensate affected users with a budget between $180 million and $400 million.

Hardware Wallets Are Not Foolproof

Suman’s tragic loss is a painful reminder: Seed phrases should never be entered into any website, regardless of how authentic it looks. The biggest threat in crypto isn’t always technology — it’s human manipulation.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Retired Artist Loses $2M in Crypto to Fake Coinbase Site appeared first on Coin Engineer.

New Developments in the Bybit Hack

According to blockchain analytics firm Elliptic, the Lazarus Group, a North Korean hacking collective, has used 11,084 cryptocurrency wallets to launder stolen funds. The hackers are suspected of stealing funds from Bybit’s cold wallet. On February 25, Bybit CEO Ben Zhou announced a “war” against Lazarus Group.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

To recover the stolen funds, Bybit has taken several steps, including the launch of a new blacklist wallet API and a reward system to track wallets and initiate legal action. Elliptic also released a public list of wallet addresses linked to North Korean hackers, helping the community avoid exposure to these addresses.

Elliptic and Bybit’s Collaboration

According to Elliptic’s data, all 11,084 wallets are associated with the Bybit hack. Data on these wallets became accessible within just 30 minutes, allowing Bybit users to continue trading without risking exposure to the stolen funds.

Bybit continues to work with blockchain security firm ZeroShadow to trace the stolen funds. ZeroShadow is tasked with identifying and freezing stolen assets from cold wallets.

Bybit Hack and Fund Transfers

According to blockchain analysis firm Chainalysis, the Bybit hack began with a phishing attack and later intercepted a routine transfer from Bybit‘s Ethereum cold wallet to a hot wallet. Stolen ETH was converted into Bitcoin and other cryptocurrencies and moved across different networks.

Despite the massive breach, Bybit kept withdrawals open to maintain platform stability and secured liquidity through external loans. On February 25, Bybit started repaying the stolen funds, transferring 40,000 ETH back to Bidget.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bybit Declares War on Lazarus Group! appeared first on Coin Engineer.

The Mechanism of Phishing Attacks

Phishing attacks are a deceptive type of fraud designed to obtain sensitive information (such as seed phrases and passwords) that grants access to victims’ crypto wallets. Attackers typically use fake websites or phishing links to lure users into providing critical details, which are then stolen.

2024 Crypto Security Statistics

According to CertiK’s report, the statistics for 2024 are alarming:

• Phishing attacks resulted in over $1 billion in losses across 296 incidents.
• Private key compromises caused 65 incidents, leading to a total loss of $855 million.
• Overall crypto hacking losses amounted to $2.3 billion, marking a 40% increase compared to the previous year.

Are New Threats on the Horizon?

CertiK warns that phishing attacks may become more sophisticated in 2025. The rapid advancement of artificial intelligence technology could unfortunately enable attackers to develop even more complex methods. Consequently, raising user awareness and keeping security protocols up to date are more critical than ever.

Tips to Enhance Your Security

To safeguard yourself in the crypto world:

1. Think twice before clicking on links in emails or messages.
2. Never share your private keys and store them offline.
3. Use reputable and trusted exchanges for your transactions.

While phishing attacks continue to cause significant losses in the crypto world, conscious steps can help minimize their impact. The lessons learned in 2024 can serve as a guide to building a more secure crypto ecosystem in 2025 and beyond.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post The Greatest Threat to the Crypto World: Phishing Attacks appeared first on Coin Engineer.

Whitelists can have different meanings depending on the context, as they are typically related to a specific service, event, or information.

What Is Whitelist?

In the cryptocurrency world, a whitelist refers to a list of approved individuals who have the right to participate in a particular event. This list may include participants for an Initial Coin Offering (ICO), Initial Exchange Offering (IEO), or approved withdrawal addresses on exchanges. The purpose of the whitelist is to ensure that only individuals who meet certain criteria are allowed to participate.

Participation often requires conditions such as having a specific amount of funds, a good account history, a referral code, or an invitation.

In the case of an ICO, the whitelist includes a list of registered and approved users who are granted the right to participate in the pre-sale or ICO. Some cryptocurrency projects may implement a whitelist phase for those looking to distribute their tokens to the public. This process allows projects to verify potential token buyers and ensure they comply with the token distribution requirements.

How Does a Whitelist Work?

Ransomware, phishing, and malware threats have become security risks that require attention in everyday life. To defend against such malicious software, personal security measures need to be enhanced. One such measure is the whitelist. But how does it work?

A whitelist is a list based on predefined strict rules and is managed under the control of an administrator. Administrators create a list that defines which sources, programs, and applications can be accessed by users. This list can be dynamically updated according to needs.

The list is applied to operating systems, network devices, or server software. This ensures that each incoming user request is monitored and checked to see if it matches the whitelist. If the request is on the whitelist, the user can proceed; however, if the request is not listed, the transaction is rejected.

Whitelist in the Context of NFTs

The use of a whitelist is not limited to ICOs and IEOs; it also plays an important role in the Non-Fungible Token (NFT) world. An NFT whitelist is a list of approved individuals who are authorized to participate in transactions in a specific NFT marketplace or sale. This list is typically managed by the entity releasing the NFT and is used to limit which individuals can buy or sell NFTs.

Whitelisting is applied to offer certain buyers priority or exclusive access to NFT sales or events.

Advantages of a Crypto Whitelist

There are several key benefits to being included in a crypto whitelist. First, it provides priority access to an ICO, IEO, or NFT sale. This can be a significant advantage, especially when the number of tokens or NFTs is limited.

Being on the whitelist can also provide an additional layer of security, particularly for withdrawal addresses. Allowing withdrawals only to whitelisted addresses can help enhance the security of your cryptocurrency transactions.

How to Join a Crypto Whitelist

Joining a crypto whitelist typically starts with providing your personal information, which may include your name, email address, and sometimes a government-issued ID. This information is used to verify your identity and confirm that you meet the participation requirements.

In the case of NFT whitelists, you may need to demonstrate active participation in the project, such as engaging with the project’s community or participating in community discussions.

Whitelist and Network Security

Whitelisting is also a common practice in network security, where IP addresses or domain names with access to specific files or systems are listed.

In the NFT context, the whitelist may include wallet addresses authorized to mint an NFT. The smart contracts of NFT collections check whether a wallet is on the whitelist, only allowing approved addresses to mint NFTs.

Also, in the comment section, you can freely share your comments and opinions about the topic. Additionally, don’t forget to follow us on Telegram, YouTube and Twitter for the latest news and updates.

The post What is a Whitelist? Cryptocurrency and NFT Terms appeared first on Coin Engineer.

“We now have access and have locked the Polygon community discord server. While we examine every external bot and integration to prevent this from happening once more, all of them have been disabled,” Polygon stated on X.

At about 5 a.m. GMT, a false message appeared on the Polygon Discord, apparently from the account of its community lead, Smokey, as contemporaneous screenshots reveal. Along with a phishing link, the message promoted a “special pre-migration” airdrop ahead of the Polygon network’s intended conversion from its native MATIC token to the improved POL token, set for September 4.

At least one user says they fell victim to the attack, and blockchain evidence supports their allegation of losing a Uniswap position valued at roughly $145,000 in the hack. Though it’s not apparent when the repost occurred, the transfer transaction took place roughly forty minutes after Polygon’s chief information security officer, Mudit Gupta, informed the Polygon community of the hack via a post on X. 

The wallet address used for the Uniswap transaction, which most likely belongs to the hacker, seems to have claimed former victims. Ten days ago, the wallet moved ether valued at $72,300 at the time to a wallet identified by Etherscan as a phishing agent currently possessing about $400,000 in assets. The wallet moved $29,500 worth of ether five days ago to another, similarly flagged wallet with $150,000 in assets.

The crew of Polygon is not clear right now on the method of compromise for their Discord. “At this moment, we don’t believe any of our mods were compromised this way (being phished). It seems more likely that a bot/integration we had was compromised. Still going through the logs,”  Gupta stated on X.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Polygon Discord Hacked: $145K Stolen in Phishing Attack appeared first on Coin Engineer.

Blockchain security company Scam Sniffer said earlier in the day that a crypto investor was duped into signing a harmful permission phishing signature. This meant the loss of 2.56 million PT Ethena tokens, valued at $2.4 million, and 3,656 MKR tokens, valued at $8.7 million.

Examining the victim’s address on the Arkham Intelligence platform, it turned out that it was connected to a MakerDAO governance delegate. Selected by their community, these delegates reflect MKR holders in voting procedures.

Although all MKR holders are involved in governance, many choose to give these representatives their voting powers. This practically gives them major control over the operations and policies of the protocol.

“This is a real big spender. Three permit offline authorization signatures were stolen by a phishing website, resulting in a loss of approximately $11 million,” Yu Xian, creator of blockchain security firm SlowMist, stated.

Impact on MKR Token Price

According to Lookonchain, the blockchain analysis tool, the thief had turned the pilfers into Ethereum following their theft. Resulting from this action, MKR’s price dropped 7% to $2,219. As of press time, the token has somewhat rebounded to $2,374.

Etherscan has assigned the address of the exploiter to be a phishing wallet. It has around $760,000 in different digital assets.

This event also highlights the continuous threat of phishing attempts in the domain of digital assets. Usually, these programs entail con artists creating fictitious social media profiles to pass for official projects. These stories then entice victims to dangerous websites where sensitive data is compromised, usually with reference to counterfeit verification badges.

Following a temporary break due to increased demand last month, Inferno Drainer—a well-known draining-as-a-service (DAAS) provider—resumed activities. This service was linked to the theft of $6.9 million worth of 1,807 Ether.fi-Liquid1 tokens.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post MKR Token Down 7% Post $11M Phishing Scam appeared first on Coin Engineer.

Effortless Airdrop Claims and Increased Staking Rewards

Users can now conveniently access and claim the latest BounceBit airdrops directly through the BounceBit Portal. These airdrops will be automatically distributed within hours, simplifying the claiming process.

To further incentivize participation, BounceBit has reinstated the Premium Yield program for staking, offering users the opportunity to earn even greater rewards.

LİNK: BounceBit’s Bitcoin Restaking Airdrop is now Available

Security Reminder

A critical security concern has been raised by 23pds, Chief Information Security Officer at SlowMist Technology. They warn users to be cautious, as the top Google search result for “BounceBit” currently leads to a phishing website.

To avoid falling victim to potential scams associated with BounceBit airdrops, it’s crucial for users to double-check the legitimacy of any website they visit.

What is BounceBit?

BounceBit bridges the gap between CeFi (Centralized Finance) and DeFi (Decentralized Finance) by providing a platform for BTC holders to generate returns through various methods.

Their innovative Proof-of-Stake system requires validators to stake both BTC and BounceBit’s native token, $BB. This fosters a collaborative environment that benefits both entities.

Strengthening Bitcoin and Network Security

Built upon a robust infrastructure anchored by Bitcoin’s established value, BounceBit aims to create a symbiotic relationship between its $BB token and BTC.

By strategically connecting these two elements, BounceBit seeks to enhance network security and amplify the intrinsic value of Bitcoin itself.

While the automatic airdrop distributions and return of Premium Yield are enticing features designed to attract users, it’s important to remain cautious of potential phishing scams.

Despite this security concern, BounceBit’s unique combination of CeFi and DeFi features, coupled with its BTC-backed foundation, holds the potential to generate significant yields and contribute to a more secure network environment.

The post BounceBit Unveils Automatic Airdrops and Revives Premium Yield for Staking appeared first on Coin Engineer.