In a significant move against cybercrime, Coinbase, a leading cryptocurrency exchange, has announced a $20 million reward for anyone who can assist in identifying and bringing down the culprits behind a recent cyber-attack, rather than bowing down to their ransom demands.
The incident, which was reported on May 15, involved cybercriminals bribing and enlisting a group of rogue overseas support agents to steal customer data from Coinbase and carry out social engineering attacks. The stolen data was intended to be used to impersonate Coinbase and deceive customers into surrendering their cryptocurrency holdings.
Upon discovering the breach, the attackers demanded a $20 million ransom from Coinbase to halt the scam. However, the company publicly refused to give in to their demands. Instead, Coinbase has taken a proactive approach by collaborating with law enforcement agencies and cybersecurity experts to track the stolen funds and hold those accountable for the attack.
As part of its response to the cyber-attack, Coinbase has initiated a ‘Bounty’ program, setting up a $20 million reward fund for individuals who can provide information leading to the arrest and conviction of the perpetrators behind the breach. Interested parties with relevant information are encouraged to reach out to security@coinbase.com.
Coinbase has swiftly taken action against the insider perpetrators involved in the attack, terminating their employment and reporting them to US and international law enforcement agencies. The company has also pledged to reimburse customers who fell victim to the social engineering attacks orchestrated by the cybercriminals.
Furthermore, Coinbase is implementing additional security measures to prevent future breaches, including enhanced ID verification for large withdrawals, mandatory scam-awareness prompts, and the establishment of a new support hub in the US. The company is reinforcing security controls, monitoring protocols, and investing in insider-threat detection to fortify its defenses against similar incidents.
Additionally, Coinbase is working in collaboration with law enforcement and industry partners to trace the attackers’ addresses and potentially recover the stolen assets. The company is committed to pressing criminal charges against those responsible for the cyber-attack.
The data breach at Coinbase exposed customer information such as names, addresses, phone numbers, emails, masked Social Security numbers, bank account details, government ID images, account data, and limited corporate data. However, sensitive information like passwords, private keys, two-factor authentication data, and funds remained secure and untouched. The breach affected less than 1% of Coinbase’s monthly transacting users.
Coinbase has estimated remediation costs and voluntary customer reimbursements related to the incident to range between $180 million to $400 million, as disclosed in its filing with the US Securities and Exchange Commission.
As Coinbase continues to enhance its security measures and collaborate with authorities to address the cyber-attack, the cryptocurrency exchange remains focused on safeguarding customer assets and maintaining trust in the digital currency ecosystem.