Cybercriminals tried to blackmail Coinbase into paying $20 million in Bitcoin over stolen customer data. Instead of paying up, the crypto exchange is offering the same amount as a bounty to help bring the perpetrators to justice.
The crypto exchange revealed how rogue overseas support agents were bribed by the criminals to leak sensitive user data, including names, addresses, masked bank details, and ID documents, in a blog post published Thursday.
While no funds, passwords, or private keys were compromised, and Coinbase Prime accounts remained “untouched,” the attackers used the data to launch targeted social engineering scams on customers.
“They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company wrote in their statement.
A video statement from CEO Brian Armstrong was cited by Coinbase in lieu of a direct response to Decrypt, in which he declared, “We are not going to pay your ransom.”
In a move mirroring the plot of the 1996 film “Ransom,” Armstrong added that he had, “a few next steps in mind… We’re putting out a $20 million award for any information leading to the arrest and conviction of these attackers,” the CEO said.
The counter-move marks a shift in how crypto firms are responding to criminal threats. While companies typically offer bounties to encourage hackers to return stolen assets, Coinbase is using the reward to go on the offensive against cybercriminals.
“This is a huge problem in the industry, and it’s only getting worse,” said Philip Martin, Coinbase’s Chief Security Officer, in an interview with Fortune.
He confirmed the compromised support agents were based in India and have all been terminated.
“Hell no!”
Martin added how the ransom demand came with a threat to publish the stolen data unless Coinbase paid.
“The knee-jerk reaction of every single person who heard we were being extorted was ‘hell no!’” he said.
Coinbase said it is working with law enforcement, has tagged the attackers’ wallet addresses, and will reimburse any customer who lost funds due to the social engineering attack.
The company is also launching a new U.S.-based support hub and tightening access controls across its systems.
“We will prosecute you and bring you to justice,” Armstrong said in his closing message to the attackers. “Now you have my answer.”
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
