Coinbase announced that cyber hackers attempted to extort $20 million from the company. The hackers threatened to release stolen customer information to the public if Coinbase gave them this large amount of Bitcoin.
This is one of the largest cryptocurrency exchanges globally, and has since initiated a $20 million rewards program that offers a reward for tips leading to the apprehension and prosecution of the criminals.
The breach involved less than one percent of its monthly users, according to the company. This was ascertained through overseas support staff members, who took bribes from the hackers. They took advantage of being insiders to steal account data, which encompassed names, addresses, and government-issued IDs.
Importantly, Coinbase acknowledged that passwords, private keys, and funds were not stolen during the breach. Coinbase’s Prime accounts are also secure and untouched by this attack.
Coinbase fights hackers with law enforcement
Rather than caving to the hackers’ ultimatum, Coinbase opted to act against them by enlisting the support of law enforcement agencies. Coinbase promised complete cooperation with police and investigative agencies to prosecute the culprits.
While doing so, Coinbase also announced it will compensate any affected customers who paid for scams caused by the stolen data. This move underlines Coinbase’s focus on customers at a time when it was facing tough security incidents.
The attack is part of an emerging trend of social engineering assaults on Coinbase users. Phishers, independent researchers say, have been posing as support staff, and users have been lured into transferring funds.
The scams have resulted in financial losses running into millions. The hackers in this attack bribed a limited number of support operatives based abroad, and they then illegally accessed customers’ accounts for use in further social engineering schemes.
Coinbase stands resolute against paying the $20 million ransom. Rather, the firm’s $20 million reward is to encourage whistleblowers or informants to provide useful information. The reward fund is hoping to hasten the apprehension of the cybercriminals who perpetrated this egregious breach on customers’ trust.
