ShinyHunters tease Coinbase by flashing allegedly stolen data on Telegram
Infamous for their audacity, hackers from the threat actor known as ShinyHunters are not only escalating their operations but also flashing alleged data from Coinbase, a major crypto exchange, which disclosed the breach in May last year.
Whether it was a marketing exercise or not, when Coinbase admitted it had been hacked, the crypto exchange immediately announced it wouldn't pay the $20 million ransom that the criminals demanded.
“Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” Coinbase said at the time.
Well, good luck with that. Yes, a former Coinbase employee was arrested in late December, and Brian Armstrong, the company CEO, boasted that more arrests will be announced soon.
But ShinyHunters, the hacking group that most likely arranged the breach by recruiting that particular Coinbase customer service agent in India to help steal sensitive customer information, seems to be playing with the company now.
On their Telegram channel, one of the group’s members posted a couple of screenshots picturing Coinbase’s internal tools and data – presumably stolen almost nine years ago.
According to cybersecurity analyst Dominic Alvieri, the posted data appears to be from 2025. He also states the screenshots were allegedly “flash posted.”
This could mean either posting data snippets and then deleting them after a short time, or posting data snippets to boast that they have this data.
Either way, this must be a message to Coinbase and probably nothing more, Cybernews researchers say, as nothing new related to that particular hack of the crypto exchange can be found on the dark web. We have contacted Coinbase to find out more.
On the Telegram chat, mostly full of pretty childish exchanges, members make fun of Armstrong and boast that “the industry will accept reality soon enough.” But this can also be a sign of desperation.
Coinbase explained last year that the hackers’ aim is to gather the customer list and contact them pretending to be Coinbase, tricking people into handing over their crypto. The company said it would reimburse customers who were tricked into sending funds to the attacker.
The stolen information includes names, Social Security numbers, bank details, and transaction histories.
Plus, additional safeguards are now in place. Flagged accounts require extra ID checks on large withdrawals and include mandatory scam‑awareness prompts.
Still, Coinbase has clearly suffered. The company reported $307 million in breach-related costs and is also facing a shareholder class action lawsuit, which alleges that the company failed to disclose the breach in a timely manner.
The stolen information includes names, Social Security numbers, bank details, and transaction histories.
Unlock more exclusive Cybernews content on YouTube.
