Last week’s highly organized breach of cryptocurrency exchange Coinbase (COIN) left behind more questions than answers.

While some hailed Coinbase’s response as a «really great example» in dealing with a crisis, the breach has now caused a potentially massive privacy issue that mirrors the Ledger data breach in 2021 — which led to a spate of real-world robberies as criminals were able to get a hold of names and addresses of crypto holders. Coinbase has already acknowledged that its customers may have lost close to half a billion U.S. dollars as a result of its breach.

Cybercriminals accessed Coinbase user data by bribing and convincing Coinbase support employees to share that data, but this was entirely preventable, according to numerous experts that spoke to CoinDesk.

“A failsafe system would make stealing data technically impossible, but Coinbase clearly didn’t prioritize these measures, leaving the door wide open,” Andy Zhou, co-founder of blockchain security firm BlockSec told CoinDesk.

Allowing these criminals to access personal data, whether through a hack or, in this case, social engineering, is a major blight on an exchange that facilitates billions of dollars worth of volume every day. The breach created a myriad of issues, including user privacy and trust. How could Coinbase, a publicly traded company, allow attackers to steal personal information and money through the front door? And could it have been prevented?

Hackett Communications CEO Heather Dale hailed Coinbase’s response as a “masterclass in communication,” but Coinbase’s method of tackling the issues was simple: throw as much money at it as possible.

The exchange offered a $20 million bug bounty for anyone who reported information that would lead to an arrest or prosecution. It also committed to voluntarily reimbursing impacted users with between $180 million to $400 million.

What happened?

Before analyzing the fallout of the breach, it’s important to understand how exactly the breach occurred at a publicly traded company that spends millions of dollars per month on security infrastructure.

In February, on-chain sleuth ZachXBT reported a rise in thefts involving Coinbase users. He said that it was “a result of aggressive risk models and Coinbase’s failure to stop its users losing $300 [million] per year to social engineering scams.”

The fear of cybercriminals stealing hundreds of millions of dollars became a reality last week when Coinbase published a blog post revealing that account balances, government ID images, phone numbers, addresses and masked bank account details were stolen.

Unlike other hacks and breaches, which involve attackers exploiting a faulty back-end, these attackers went in through the front door—communicating directly with Coinbase employees and buying access to the information via rogue insiders. Coinbase claimed that it fired all responsible employees on the spot, although it did not reveal the method it used to find those responsible in the blog post.

The issue, however, is not confined to crypto. In 2022, digital bank Revolut confirmed that 50,000 sets of customer data were stolen, while one year later, trading platform Robinhood had up to 5 million email addresses leaked. The latter was fined $45 million by the SEC following the breach after it emerged that a portion of customers had their accounts wiped by attackers.

The BBC reported in October that one particular Revolut user lost £165,000 ($220,0000) following a data breach and that the neobank’s fraud detection system prevented £475 million in fraudulent transactions in 2023.

Coinbase competitors Binance and Kraken said they managed to fend off similar social engineering attacks in recent weeks.

Coinbase CEO Brian Armstrong also posted a video on X last week, stating that he received a “ransom note” for $20 million in bitcoin in exchange for these attackers not releasing some information they claimed to have obtained on Coinbase customers.

ZachXBT added on Thursday that the attackers began obfuscating the stolen funds by swapping BTC for ETH on Thorchain, a venue often used by the infamous North Korean hackers Lazarus Group.

‘Major wake-up call’

Andy Zhou, co-founder of blockchain security firm BlockSec, told CoinDesk that Coinbase should have conducted “stricter background checks on employees handling sensitive data » and set up “alarms for weird activity” like someone suddenly downloading thousands of customer profiles.

Zhou added that Coinbase should have implemented several technical solutions. These include strict role-based access, meaning employees only see necessary data, or privacy tools that allow work without exposing raw details (for example, blurring ID photos).

Nick Tausek, lead security automation architect at Swimlane, told CoinDesk that the breach should be a “major wake-up call” for robust insider threat detection.

“As outsourcing scales and operations stretch across time zones, insider threat detection and access governance cannot be afterthoughts. A single insider with the right access, or in this case, the wrong incentives, can punch a hole in even the most fortified security posture. Because, as this breach shows, it only takes 1% of customers breached to make 100% of the headlines.”

However, not everyone is piling onto Coinbase.

Michal Pospieszalk, CEO of MatterFi, said that it “isn’t a Coinbase problem, it’s a systemic vulnerability that’s plagued crypto since day one.”

He argued that the nature of sending crypto without an intermediary means that all platforms are one misstep away from disaster.

Hackers need to engineer a situation that can trick users into sending their funds in an irreversible transaction. In Coinbase’s case, attackers gained access to personally identifiable information from a rogue employee.

The root issue, according to Pospieszalsk, is the problem of users not knowing whether they are sending funds to the right recipient, adding that crypto runs on a “trust me, bro” model of identity verification and that is not sustainable.

What happens next?

Coinbase said it would voluntarily reimburse customers who lost funds during the breach and would continue to work with law enforcement to capture those responsible. But for users, it’s a darker road.

The exchange said in a regulatory filing on Wednesday that the breach impacted 69,461 customers. The filing also noted that the breach occurred in December 2024 and was not discovered by Coinbase until May 15.

These details are out on the internet now, and may even be for sale on the dark web and in shady Telegram groups. After the Ledger breach, customer details were published on Raidforums, a nefarious data-sharing platform, which led to a rise in phishing attempts.

Unfortunately, Coinbase can’t do anything to prevent the sharing of this leaked information, leaving the affected users to attempt to put in as many safeguards as possible. These include changing wallets, changing deposit addresses on exchanges and even changing home addresses to avoid the risk of real-world robberies. Users whose social security numbers were leaked should also lock their credit to prevent identity theft.

It may be cumbersome, but as seen earlier this year during the attempted kidnapping of Ledger co-founder David Balland (and several other individuals over the past few weeks), criminals will not stop until they extract the maximum amount of funds, even if it means inflicting brutal acts of violence.

This also raises a potential legal question: If a Coinbase customer were to be robbed or assaulted due to the data breach, would Coinbase be liable? Ledger failed to escape a proposed class action lawsuit earlier this year, with plaintiffs alleging that Ledger violated its privacy policy and should have had measures in place to prevent the breach.

Crypto researcher Molly White also pointed out that Coinbase changed its user agreement in April, adding two clauses limiting class action lawsuits and requiring lawsuits to be filed in New York, with changes being applied on May 15, the same day the breach was announced.

Coinbase responded to CoinDesk about White’s claims, stating that the exchange had “notified customers well in advance” of the user agreement change and that it had a class action waiver in place for “years.”

Coinbase did not, however, comment on questions related to whether the breach was preventable or how it will safeguard customers who could be at risk of real-world robberies in the future.

Read more: Market Reaction to Coinbase Hack ‘Overblown,’ Say Analysts as SEC Probe Sinks Stock

A number of large banks and other traditional financial (TradFi) institutions are set to use the Solana blockchain for their tokenization efforts.

R3, a U.K. developer of blockchain technology for financial institutions, is teaming up with the Solana Foundation to bring the former’s clients and their tokenized real-world assets to Solana.

Through its blockchain platform, Corda, R3 holds over $10 billion in assets and counts the likes of HSBC, Bank of America, Bank of Italy and the Monetary Authority of Singapore among its participants.

Tokenization, the term for minting real-world assets such as stocks and bonds as digital tokens that can be traded on decentralized networks, is one of the principal use cases of blockchain technology attracting the attention and investment of the TradFi world.

A recent report by Boston Consulting Group and crypto payments company Ripple said the tokenization market could reach $18.9 trillion by 2033.

R3’s aim is to supercharge the scale and liquidity of the tokenized asset ecosystem by making the assets available on a public blockchain like Solana.

The total value of assets held on Solana may be dwarfed by Ethereum, but it processes more transactions and has more active addresses.

«As the world’s most used public blockchain, Solana … [is] the ideal foundation for the next generation of regulated digital finance,» R3 said in an announcement on Thursday.

The Solana wallet address credited with making Justin Sun the top holder of the TRUMP memecoin for a private dinner and VIP reception with U.S. President Donald Trump later Thursday probably belongs to Sun-linked crypto exchange HTX.

Several blockchain explorers, including Arkham Intelligence and SolanaFM, tag the wallet as belonging to the cryptocurrency exchange, which acknowledged Sun as its leader in a 2023 blog post.

That address now holds about $23.3 million worth of TRUMP tokens, according to on-chain data and appears at the top of the event’s leaderboard, which is posted on a website publicized by Trump on his X account. The wallet is tagged “Sun.”

Sun, the founder of the Tron blockchain, said on social media that he was the top TRUMP holder in the sweepstake. The sweepstake rewards large TRUMP token holders with access to an event hosted at a Trump-owned golf club near Washington, D.C.

HTX, formerly known as Huobi, was acquired by About Capital, a Hong Kong investment firm, in October 2022. Sun denied that he was involved in the acquisition in an interview with CoinDesk TV at the time. He did, however, join the exchange as a member of its global advisory board. Huobi later identified Sun as its leader in the blog post.

In 2023, the platform rebranded to HTX, a nod to Huobi, Tron and «exchange.» At the time, the exchange pointed to a “commitment being all in TRON.”

Sun’s connection to the Trump-linked ecosystem also involves a $75 million investment in World Liberty Financial tokens, a decentralized finance initiative backed by the president’s family.

The Chinese-born crypto billionaire was sued by the U.S. Securities and Exchange Commission (SEC) under the Biden administration. The regulator alleged he had been “manipulating the market” for tokens tied to his ventures and paid celebrities “to tout” these tokens.

That suit has been put on hold under the Trump administration’s SEC leadership as the parties looked to find a “potential resolution.” Under the current administration, the regulator has dismissed several lawsuits and investigations against crypto firms, including Coinbase, Kraken and Uniswap.

Donald Trump’s memecoin was launched just days before his inauguration earlier this year. It was met with criticism from the crypto industry and among lawmakers, over the timing of the launch and its allocation to Trump-affiliated insiders.

TRUMP is at the time of writing trading at $14.64, up 11% in the last 24 hours.