Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Coinbase seems to be going to great lengths to try and distance themselves from the so-called "rogue overseas support agents".

If they were Coinbase employees or contractors, that means the company basically sold its own data to hackers, who then turned around and demanded a ransom.

Reimbursing duped customers makes sense, as it seems like they would have a pretty straightforward case to make in court that Coinbase's actions led to their loss.

I'm more curious if someone who feels the need to move, change banks, change their email, hire a security detail etc. could successfully sue the company to recover some or all of those costs.



>If they were Coinbase employees or contractors, that means the company basically sold its own data to hackers, who then turned around and demanded a ransom.

This seems like a strange interpretation. If an employee at your company, against policy and likely illegally extracts proprietary data and gives it to hackers in exchange for money you can hardly say that "My company sold it's data".


I agree it wasn't authorized, but I should absolutely still be able to hold the company responsible for the damage. My business relationship is with you, not your employees or vendors.

They in turn could go after the perpetrator. If they're using contractors who are cheap, unvetted, untrustworthy or don't carry liability insurance that's their problem and shouldn't excuse them of accountability.


I'm not up to date on Tort law but it does seem likely the company has some liability here. I still think it's wrong to say the company did the thing. Someone employed by the company did it of their own volition. The company just gave them the ability to do the thing.


In a way you can. A company is its employees. If you want employees with integrity you might need to pay better than bottom dollar employees from the cheapest countries possible.

I once applied for a bank position, and they wanted to run a credit check. If you're in a position of handling money, the company has a responsibility to vet its employees. Do I agree with credit checks? Absolutely not, but the point is, Coinbase is partially responsible and that's why they're refunding duped customers.

How far that responsibility goes is up for debate.


> This seems like a strange interpretation. If an employee at your company, against policy and likely illegally extracts proprietary data and gives it to hackers in exchange for money you can hardly say that "My company sold it's data".

When an employee ships a new feature, do you say "My company shipped a new feature?"


Did the employee ship the feature this against their employer's will? 'Cause if so, I'm not sure we would say the company shipped it.


If an Amazon Delivery driver murders someone in their home while working would we say "Amazon Murdered an Old Lady" ?


? No...we wouldn't. No US paper would use that headline, anyway. Maybe it's different in other countries.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: