UnknownUnknown

CoinbaseCartel

Financially motivated threat group targeting cryptocurrency platforms and users. Further details pending analysis.

Attribution signal

?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low

2.2

Low signal strength

Mentions7

Sources4

High conf.1

Last seenMay 2026

First observed

—

Last active

—

Origin

—

Aliases

Techniques

Campaigns

TargetsCryptocurrency

RegionsGlobal

Attribution signals

7 mentions · 4 sources

#1attributehigh

TTP match

socradar

May 2026

"Researchers attribute the group's rapid expansion primarily to the reuse of stolen credentials obtained from infostealer logs."

#2hypothesizedlow

Unspecified

socradar

May 2026

"The group is also tracked under the alias shinysp1d3r by some researchers, who have hypothesized a connection between CoinbaseCartel and the threat actors known as ShinyHunters, Scattered Spider, and Lapsus$."

#3thought tolow

Infrastructure

socradar

May 2026

"Under this hypothesis, CoinbaseCartel is thought to share personnel or infrastructure with the Scattered LAPSUS$ Hunters (SLSH) alliance"

#4has not been validatedlow

Unspecified

socradar

May 2026

"These assessments remain contested, and attribution beyond superficial operational overlaps has not been validated."

#5unspecified

Unspecified

therecord

May 2026

#6unspecified

Unspecified

bleepingcomputer

May 2026

#7unspecified

Unspecified

security-affairs

May 2026

Hedge terms observed

attributehas not been validatedhypothesizedthought to