- Coinbase offers a $20M bounty on criminals behind user data extortion.
- Less than 1% of users were affected, with no funds or passwords leaked.
- Law enforcement and reimbursements are already in motion.
Coinbase, the largest publicly traded cryptocurrency exchange in the U.S., has placed a $20 million bounty on cybercriminals who tried to blackmail the company. The attackers demanded a ransom of the same amount in Bitcoin, threatening to leak sensitive customer data if the exchange refused to comply.
Rather than giving in to the pressure, Coinbase has opted to fight back publicly, and with a serious price tag on justice.
A Breach That Targeted Support Channels
In a comprehensive blog post, Coinbase announced that the attackers obtained access to information associated with fewer than 1% of its monthly visitors. The information was supposedly obtained through bribing foreign customer support contractors. The obtained information includes names, addresses, and government-issued IDs, but not passwords, private keys, or customer funds.
“No funds were affected, and Coinbase Prime institutional accounts were not affected,” the company explained.
The hack illustrates the increasing intelligence of social engineering attacks, targeting human weaknesses over technical vulnerabilities. The attackers’ aim was simple: ransom $20 million’s worth of Bitcoin to keep the leaked information from being published or sold online.
Law Enforcement Involved, Users Reimbursed
Rather than giving in, Coinbase has not only declined to pay the ransom but has also launched a $20 million reward to find and prosecute the attackers. The exchange has cooperated with law enforcement authorities and is currently investigating the attack.
“Coinbase will also refund impacted users,” the blog post reported, again asserting its customer security and transparency. (check the refund part once again, coz as per the article there was no hack, then where did refund come in, double check and proceed)
This action represents a dramatic move in how crypto companies deal with extortion threats, indicating that legal channels and bounties can become a normative defense strategy in the industry.
Not Coinbase’s First Rodeo
This isn’t the first time Coinbase has had to confront digital extortion. Back in 2022, the company also issued a bounty after a separate breach attempt, showing a consistent refusal to negotiate with cybercriminals.Recent months have seen an increase in scams targeting Coinbase customers, with attackers posing as customer support agents to drain funds. Independent blockchain investigator ZachXBT has documented multiple such cases, highlighting the need for better user education and security measures across crypto platforms.
