
Coinbase Hack Exposes 3 Insider Threat Enablers - Forbes

Forbes Archived Apr 07, 2026 ✓ Full text saved



By Noah Barsky, Contributor
Jun 11, 2025, 09:00am EDT

Cybercriminals bribed Coinbase employees and contractors for customer data access. (Getty)

Bankrolling cybersecurity may soothe momentary leadership angst, but often does little to address rising insider threats and basic internal control failures.

Coinbase joined a long and growing list of hacked companies undermined by bribed, planted or tricked employees. The crypto exchange giant disclosed that cybercriminals gained access to sensitive customer account data by “paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.”

Coinbase declined to pay the hackers $20 million ransom. Instead, the company posted a $20 million reward to catch and convict the extortionists. Despite the bold stance, remediation, reimbursement and indemnification costs are preliminarily estimated “to be within the range of approximately $180 million to $400 million.” That’s a hefty financial and reputational hit – even for a market-leading entity which closed 2024 with $9 billion in cash reserves and a penchant for spending heavily on cyber investments.

The nefarious methods may seem novel, but the case is neither isolated nor unique. The 2025 Ponemon-Sullivan Security Report found almost half of insiders had more access than needed. While no cyber defense is impenetrable, fixating on technical design proves futile when incentives, incompetence and indifference undermine internal controls design, implementation and effectiveness.

Good Controls, Good Business

Data are digital era treasure. That’s what hackers know, yet too many company directors and executives underestimate. While internal controls were first established to curb asset misappropriation, sharpen business processes and maintain financial integrity, they are widely viewed as mere compliance requirements. That’s a dangerous mindset as IT systems and safeguards are often highly technical and considered “invisible.”

Compounding that AI-age naivete is excuse-making that insider threats are “rogue bad actors.” As reported on Forbes, Coinbase CEO Brian Armstrong lamented “the criminals have been approaching our overseas customer support agents, looking for a weak leak, someone who would accept a bribe in exchange for sharing customer information with them. Unfortunately, they were able to find a few bad apples.”

The problem wasn’t that low-paid, offshored workers were susceptible to payola. Rather, access controls were inadequate, insufficient and/or non-existent. Even worse, the deficiencies were exploitable (and monetizable) for several months without detection.

Those gaps are widespread. The 2023 Ponemon-Sullivan Security Report found that cyber incidents due to employee negligence (55%) outnumbered the combined total incidents involving criminal or malicious insiders (25%) and credential theft (20%). Fraud requires opportunity, incentives/pressure and rationalization -- cybercriminals and their AI tools prowl for such juicy vulnerabilities.

Antidotes require meaningful assessment and action. That’s far more than hollow audit committee charters, toothless assurance models and self-congratulatory periodic reporting. Effective defenses, supported by stewardship workplace cultures, learn and adapt to pre-empt problems.

Fabulous Disasters

Boards and c-suites need to ask serious questions and expect credible answers about how incentives, incompetence and indifference – the three common corporate post-mortem culprits – enable insider threats that put their organizations at risk.

- Incentives drive insider identification and recruitment. Eventual compromise may stem from geographic pay differentials, work frustration or personal grievance. Over-reliance on risky employees jeopardizes cyber defenses.
- Incompetence is an organizational malady. Hiring, training, reviewing and retaining top talent is a longstanding human resources challenge. Strong policies, protocols and controls mitigate performance lags.
- Indifference is cultural. Leaders must assess whether employees care enough to observe, detect and report weaknesses or improprieties that can sabotage the organization’s immediate and long-term future.

Hostile actors will do what they can to bribe, trick or, worse, plant employees. While payoffs cost Coinbase, in 2023, an employee impersonator verbally convinced MGM’s IT help desk to share system access credentials. The subsequent breach shuttered casino operations costing over $100 million, spawning a lengthy remediation quagmire.

Yet, planting real or fictitious employees is also a real challenge, especially from cash-desperate regimes. In February, Christina Chapman pled guilty in federal court to allegedly running a “laptop farm” from her Arizona home which posed North Koreans as U.S. workers in remote IT positions at more than 300 U.S. enterprises, including multiple Fortune 500 companies. Chapman’s three-year purported scheme netted over “$17 million in illicit revenue” for her and the Hermit Kingdom. The payroll largess was falsely reported to the tax agencies in the names of over seventy identity theft victims.

Clearly, a few hundred organizations were susceptible to adding “ghost” employees. Shay Colson, Intentional Cybersecurity managing partner, advises tech leaders to collaborate with HR to “vet new employees and ensuring that you’re not either supporting this sanctioned regime or giving up legitimate credentials to these threat actors.” That’s a foundational step towards competence, care and control.

Insider Threats - Ready Or Not?

Here are starter questions that boards can independently ask IT, HR and audit leaders:

- What payroll and hiring controls do we use to validate employee identities and prevent unauthorized access to our systems and sensitive data?
- What specific preventative and detective IT controls do we deploy to restrict data access? Have the design, implementation and effectiveness of these specific controls been adequately tested?
- What is the documented workflow and review process shared by IT, HR and internal audit leaders to ensure effective system and data access controls?
- While not all breaches are preventable, does our organization promote a culture that meaningfully cares about data integrity, security and safeguards?
- What are the specific planned actions and tested protocols in place to address, thwart and remediate suspicious activity related to sensitive data?

(Non) answers and “not my job” responses will be quite telling. Digital era danger necessitates coordinated, prepared and tested defenses – well before a breach.

Toxic Waltz

Countless case examples, benchmarking data, tabletop exercises and technical performance reports hold little lasting value, if companies lack credible, strategic tech leaders who can articulate the competitive, financial, reputational and business consequences of cybersecurity inaction. Perhaps worse are gilded executive teams fixated on strategy (and compensation) acceleration, while risking everything by settling for disincentivized, demotivated, distracted and disloyal staff.

Et tu, IT?