US Coinbase hack sparks concerns among UAE crypto investors

Thursday’s hack of Coinbase, the largest cryptocurrency exchange in the US, has sparked fresh concerns among UAE crypto investors, highlighting vulnerabilities in centralised exchanges.

In a major cybersecurity breach disclosed on May 15, hackers gained access to Coinbase’s internal systems by bribing outsourced customer support agents.

Recommended For You

One killed, 19 injured in Dubai after truck crashes into workers' bus

UAE announces Eid Al Adha 2026 holiday for public sector employees

9-day Eid Al Adha weekend in UAE: Fireworks, holidays, all you need to know

Fujairah clarifies smoke at Petroleum Industries Area caused by maintenance fire

UAE school fees: Parents facing job loss, salary cuts offered easier payment plans

 

This insider manipulation allowed unauthorised access to administrative tools, compromising the personal data of nearly one million users, about one percent of its global customer base, media reports said. The exposed data included names, email addresses, phone numbers, masked banking details, and government-issued ID images.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

Coinbase assured that passwords, private keys, and funds were not directly compromised. The attackers demanded a $20 million ransom to avoid leaking the stolen data, but Coinbase refused and alerted law enforcement. The company has since terminated the implicated employees and is cooperating with authorities.

To mitigate user impact, Coinbase has pledged to reimburse customers tricked into transferring funds, with total remediation costs estimated between $180 million and $400 million.

A wake-up call

Cybersecurity expert and managing director of Rayad Group, Rayad Kamal Ayub, called the breach a wake-up call for crypto investors in the UAE. “The MENA region, particularly the UAE, has seen massive growth in cryptocurrency adoption,” he said. “According to a report by Chainalysis, the region accounted for 7.5 per cent of the world’s total crypto transaction volume between July 2023 and June 2024, with an estimated $338.7 billion in on-chain value received. This means many users here are potentially at risk if exchanges do not bolster their internal security measures.”

Ayub also pointed out growing concerns about bad actors in the region exploiting vulnerable investors. Cybersecurity consultant and blockchain analyst Dr Zohaib Zaheer, who worked on a project related to Coinbase, said the breach underscores the dangers of insider threats, particularly when third-party vendors are involved. “Even major exchanges like Coinbase aren’t immune,” he said. “For UAE investors, it’s a reminder: don’t rely solely on platform security. Use hardware wallets, enable 2FA, and stay alert to scams. Stronger internal controls and tighter oversight are no longer optional but essential.”

Investor confidence rattled

Ijaz Awan, who runs a Youtube channel dedicated to crypto investing and trading, echoed the sentiment, noting that the breach has rattled investor confidence in the region. “Coming just months after Bybit’s $1.5 billion hack, the Coinbase breach is another major blow to user confidence. It’s deeply worrying for the average user; many now feel their funds aren’t safe anywhere. If crypto is to grow as an asset class, exchanges must implement much stronger internal controls and security protocols,” he said.

Experts said the incident has reignited calls for enhanced regulations and improved security infrastructure in the UAE’s burgeoning crypto sector. Obaidullah Kazmi, founder & CTO at Credo Technology Services, reiterated: “This breach underscores a hard truth – technology is only as secure as the people and processes behind it. While Coinbase’s core systems remained uncompromised, the exploitation of outsourced support staff highlights the growing risk of insider threats and third-party exposure."

In a rapidly maturing market like the UAE, trust is everything. Exchanges must rethink their security models — moving beyond perimeter defences to adopt Zero Trust architectures, identity-centric controls, and continuous monitoring. Regulations will help, but proactive resilience starts from within," Kazmi underscored. 

Mohammad AlKaff AlHashmi, founder of Haqq Chain, stressed the need for stronger internal safeguards. “KYC is crucial for compliance, but it also makes us custodians of sensitive data in an industry built on privacy. Compliance needs to come with security standards that treat identity like digital assets,” he said. “It’s about who you hire, how they’re trained, and what they can access.”