How the Attack on Coinbase Shows the Dangers of Centralized Exchanges - Ep. 837

15 snips

May 16, 2025

Guest

Jameson Lopp

In this insightful discussion, security experts Jameson Lopp, co-founder and CTO at CASA, James Wester, Research Director at Javelin, and Alexander Leishman, CEO of River, address a shocking Coinbase data breach. They uncover how hackers exploited human vulnerabilities to steal sensitive data. The trio debates whether KYC regulations increase risk, emphasizes the need for better protective measures, and highlights that in crypto, people may be the greatest security threat. Their analysis offers actionable insights for improving user safety in the crypto landscape.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Human Factor Is Weakest Link

Human error and social engineering are the weakest links in crypto security today.
Despite advances in technical security, attackers exploit people rather than blockchains.

INSIGHT

Data Leak Enables Spear Phishing

Leaked customer data enables highly effective phishing and spear phishing attacks.
Attackers use personal info to trick users into giving up access to their funds.

INSIGHT

Crypto Feels Less Secure Than Fiat

Crypto's technical security is strong but user experience can feel insecure.
New financial paradigms bring risks unlike traditional fiat systems.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Coinbase revealed on Thursday that cybercriminals bribed overseas customer support contractors to steal sensitive customer data as part of a $20 million extortion scheme. While no funds or private keys were compromised, customer names, addresses, and ID documents were exposed for nearly 1% of the company’s 8+ million “monthly transacting users,” according to a blog post.

The story raises tough questions for the entire industry. Is KYC making users more vulnerable? Can human error ever be fully eliminated? And is crypto’s real security problem… people?

Security experts Jameson Lopp, James Wester and Alexander Leishman delve into:

What went wrong at Coinbase
Why human vulnerabilities are still crypto’s biggest risk
Whether KYC makes the problem worse
What companies should do next to protect their users

Visit our website for breaking news, analysis, op-eds, articles to learn about crypto, and much more: unchainedcrypto.com

Thank you to our sponsors!

Focal by FalconX
Bitkey: Use code UNCHAINED for 20% off
Mantle

Guests

Jameson Lopp, Co-founder and CTO at CASA
James Wester, Research Director at Javelin
Alexander Leishman, CEO and CTO at River

Links

Coinbase’s blog post: Protecting Our Customers - Standing Up to Extortionists
Coinbase’s SEC filing
Commentary:

Vance Spencer’s tweet
Armani Ferrante’s tweet

Timestamps:

🎙️ 0:00 Introduction and ads

🔓 2:30 How hackers tricked Coinbase’s offshore support and why humans remain security’s weakest link

🗂️ 6:49 What customer data was leaked and how hackers use it

🎯 13:14 How attackers prey on targets at weak moments

🌍 20:47 Should Coinbase move customer support back to the U.S.?

🛑 26:35 Why KYC protocols might be making users more vulnerable, not safer

🛡️ 28:48 The best defenses companies can implement to protect users

📰33:49 Weekly News Recap

Learn more about your ad choices. Visit megaphone.fm/adchoices