Read below to see how Web3 reacted to this week’s revelation of the Coinbase (NASDAQ:COIN) hack.
“The Coinbase attack proves why centralized systems keep failing – they offer no resilience against increasingly sophisticated hackers. Cybercriminals know this and are becoming more and more adept at exploiting these weaknesses. This problem isn’t going away, it’s only intensifying.
“The only solution is decentralized security that removes single points of failure. The bottom line is that any sensitive information or data should be protected by a decentralized system, rather than human gatekeepers.
“Let’s decentralize the final frontier: the systems themselves and how they prove their state. We need networks that grow stronger under pressure, not crumble. That’s the antifragile future – building resilience through decentralization, not vulnerability through centralization.”
– David Carvalho, founder and CEO of decentralized post-quantum infrastructure Naoris Protocol
“Breaches like this are not just unfortunate—they’re structural. They reveal how much of the infrastructure in crypto still depends on centralized, opaque systems that replicate the vulnerabilities of Web2. When access and trust are concentrated in one organization, a single error or insider threat can compromise millions.
“Security at scale isn’t just about better vetting or faster incident response. It’s about architecture. Systems need to minimize dependency on trust-based mechanisms by distributing control as a default, making operations transparent, and ensuring critical data can’t be silently altered or lost.
“We can’t keep building on infrastructure that forgets, hides, or breaks under pressure. The future depends on verifiable, durable systems designed to survive beyond the institutions that run them.”
– Phil Mataras, founder of Arweave-based permanent cloud network AR.IO
“The very recent cyberattack on Coinbase, the largest U.S. cryptocurrency exchange, is a clear warning that the crypto industry remains vulnerable to insider threats, this time because of operational weaknesses.
“In this incident, cybercriminals bribed overseas customer support agents to steal sensitive customer data, including names, addresses, phone numbers, masked bank account details, government-issued IDs, and account balances. Although less than 1% of users were affected, the breach exposed serious gaps in internal controls and third-party risk management.
“Coinbase’s refusal to pay the $20 million ransom and its decision to offer a $20 million reward for information leading to the attackers’ arrest is notable. The company has also pledged to reimburse affected customers, with estimated costs reaching up to $400 million. These actions are necessary, but they also highlight the scale of the problem and the urgent need for stronger security measures across the industry.
“What stands out to me is that this breach was not about breaking through technical defences, but about exploiting people. Even the most advanced platforms can be compromised if insiders are bribed or manipulated. This is a crucial lesson for any company with global operations: while firewalls and encryption are important for security, it’s necessary to properly train people and maintain constant vigilance.
“Coinbase’s ambitions are bold. CEO Brian Armstrong recently said the company wants to be the number one financial services app in the world. With major partnerships, growing stablecoin revenue, and a rapidly expanding platform, Coinbase is positioning itself as a bridge between traditional finance and the blockchain future. But to get there, trust is non-negotiable.
“Regulators are already watching closely, and this breach will only accelerate demands for stricter oversight, especially around third-party contractors and data protection. For the industry, the direction is clear: tighten access controls, improve employee vetting, invest in security training, and prepare for rapid, transparent responses to incidents.
“For everyday users, this incident is a reminder to stay vigilant: never share your password or two-factor authentication codes, be wary of unsolicited requests to move your funds, and remember that Coinbase will never ask you to transfer assets or reveal sensitive information over the phone or email. Taking these steps is essential to protect yourself from potential scams that may follow in the wake of this breach.
“The sector’s future depends not just on innovation, but on earning – and keeping – the trust of everyday people. Without swift action, the industry risks falling short of its own ambitions.”
– Jurgita Lapienytė, editor-in-chief, Cybernews,
“Coinbase is on the hook for $400 million, not because of a technical failure on their side, but because users were tricked into trusting the wrong address. This isn’t just a Coinbase problem; it’s a systemic vulnerability that’s plagued crypto since day one.
“… we’ve built the world’s strongest anti-phishing and fraud prevention technology, precisely for moments like this. The root issue is always the same: users don’t know if the address they’re sending funds to actually belongs to the person or company they think it does. Right now, crypto runs on a ‘trust me, bro’ model of identity verification, and that’s just not sustainable.
“The solution lies in public names, private transactions, enabling users to send to a verified name, not a sketchy string of characters. Behind the scenes, automatic decentralized stealth addresses and off-chain cryptographic proofs confirm both identity and intent. Think PayPal for Web3 — you know exactly who you’re transacting with, every time.
“Coinbase did the right thing by making users whole, but the industry needs to do better. We invite Coinbase and others to adopt our SDK and help make crypto safer for everyone.”
– Michal “Mehow” Pospieszalski, CEO of Fintech security provider MatterFi