Coinbase recently experienced a cyberattack on one of its employees, whereas transaction volumes declined in recent quarter reporting.
Coinbase, a leading cryptocurrency exchange, recently experienced a social engineering attack that targeted one of its employees. The attacker, equipped with a legitimate Coinbase employee username and password, attempted to gain remote access to the exchange’s system. However, Coinbase’s cybersecurity controls were successful in preventing the attacker from gaining access to its system and compromising customer information or funds. Coinbase was transparent about the attack and shared the Tactics, Techniques, and Procedures (TTPs) used by the adversary to protect its customers, employees, and the community.
According to Coinbase’s incident report, the attack began when several employee mobile phones received SMS messages indicating that they need to urgently log in via the link provided to receive an important message. Most employees ignored the message. However, one employee, believing that it was legitimate, clicked on the link and entered their username and password. The attacker then made repeated attempts to gain remote access to Coinbase. But, the employee was unable to provide the required Multi-Factor Authentication (MFA) credentials and was blocked from accessing the system.
About 20 minutes later, the attacker called the victimized employee. The former claimed to be from Coinbase’s corporate Information Technology (IT) department and requested their assistance. The attacker’s requests became more suspicious, and the employee terminated all communications with the attacker. The CSIRT team was alerted to the unusual activity by Coinbase’s Security Incident and Event Management (SIEM) system. They immediately launched a full investigation, suspending all access for the victimized employee.
Crisis Averted
Coinbase’s layered control environment prevented any loss of funds or compromise of customer information. However, limited contact information for employees, including employee names, e-mail addresses, and some phone numbers, was taken. Coinbase believes that the attacker is associated with a highly persistent and sophisticated attack campaign that has been targeting scores of companies since last year.
Coinbase has emphasized the importance of transparency and sharing information about security issues to make the whole community safer and more security-aware. The company also highlighted the need for constant innovation in blunting the effectiveness of social engineering attacks while striving to improve the overall experience of customers and employees. Coinbase encourages all companies to look for any web traffic from their technology assets to specific addresses. That includes their own company or organization name, in order to prevent future social engineering attacks.
Coinbase’s quick response to the attack and its robust cybersecurity measures successfully “thwarted” the attacker’s attempts to gain access to the exchange’s system. Coinbase’s transparency in sharing the TTPs used by the attacker serves as a valuable lesson to other companies. It emphasizes the importance of staying vigilant.
Report: Revenues Increase but Transaction Volume Decreases
Coinbase announced that its earnings and revenue for the fourth quarter of 2022 surpassed expectations, despite its user numbers falling short of analysts’ estimates. After a 4.8% dip in share price during the day, the company’s stock rose over 2% in extended trading.
Refinitiv’s analyst poll projected a loss of $2.55 per share, whereas Coinbase reported a loss of $2.46 per share. In terms of revenue, the company’s $629 million exceeded the expected $590 million. However, this still marks a significant decrease of nearly 75% in revenue compared to the previous year due to the “crypto winter” that caused cryptocurrency prices to drop.
Coinbase also reported a net loss of $557 million, in stark contrast to the net income of $840 million it earned during the peak of crypto adoption. Additionally, the platform’s user base continues to decline, with 8.3 million monthly transacting users during the fourth quarter, down from 8.5 million in the previous period. Analysts expected this figure to reach 8.22 million.
Transaction Volume
The exchange’s trading volume also dropped by 9%, from $159 billion to $145 billion. Furthermore, its transaction revenue fell by 12% to $322 million from the previous quarter. That was below the $327 million consensus among analysts polled by StreetAccount.
The company has prioritized diversifying its revenue streams beyond trading fees, with subscription and services as a significant focus. Coinbase generated over $200 million from products like Staking, Earn, and Custody in the fourth quarter of 2022. For the first quarter of 2023, the platform estimates subscription and services revenue to be between $300 million and $325 million. Coinbase expected restructuring costs of around $150 million.
Coinbase has undergone two significant rounds of layoffs since June 2022 to cut back spending and preserve cash. Last month, the exchange reduced its workforce by 20%, following an 18% reduction in 2022.
Regulatory Implications
Despite the user base and revenue declines, Coinbase’s stock was up over 75% in 2023 before Tuesday’s after-hours trading. This surge came after crypto prices rebounded, coupled with a retreat from the riskiest equities. Bitcoin, the most popular cryptocurrency, has risen over 48% this year.
Coinbase’s Chief Financial Officer, Alesia Haas recently stated that the market has rebounded in the current quarter compared to Q4 2022. She stated that “market conditions have really evolved, even in a single month.” Haas noted that Coinbase generated $120 million in transaction fee revenue in January. She also stated that retail investors have returned to the market.
Haas explained that Coinbase’s business could also be affected by potential Securities and Exchange Commission (SEC) actions that would regulate certain types of cryptocurrency tokens and services as securities. CEO Brian Armstrong and Chief Legal Officer Paul Grewal have tweeted that the company would fight such an action in court. Here is another attempt by Coinbase representatives to address the SEC actions.
Recently, crypto exchange Kraken ended its staking services as part of a settlement with the SEC over allegations that the platform sold unregistered securities. Staking allows investors to earn yields on their digital assets that would otherwise remain idle on the platform. Investors typically vault their crypto assets with a blockchain validator. The validator verifies the accuracy of transactions on the blockchain. Then, it receives additional tokens as a reward for locking them away.
Haas maintained that Coinbase’s staking product was “not a security” and that it accounted for less than 3% of net revenue, though it was an “important part of the ecosystem” that the platform plans to grow.
In other news, Coinbase teased something new via Twitter, which has gotten a lot of people talking about what they will announce.