Coinbase Takes a Stand Against Cybercrime: A $20 Million Bounty Offered to Bring Down Hackers

In a bold move against cybercrime, Coinbase, a leading cryptocurrency exchange, has announced a $20 million reward for anyone who can provide information that leads to the identification and prosecution of those responsible for a recent cyber-attack. The company's swift action against cybercriminals marks a significant shift in its approach to handling such incidents, as it publicly refuses to pay ransom demands.

A Cybercrime Ring Behind the Hack

On May 15, Coinbase revealed that a group of rogue overseas support agents had been bribed and recruited by cybercriminals to steal customer data and facilitate social engineering attacks. The attackers planned to use the stolen data to impersonate Coinbase and trick customers into handing over their cryptocurrency holdings. The hackers even demanded a $20 million ransom from Coinbase in exchange for not releasing the stolen data.

No Paying the Ransom: A Courageous Stance

In a courageous move, Coinbase refused to pay the ransom, opting instead to work with law enforcement and security industry experts to trace the stolen funds and bring the perpetrators to justice. This decision demonstrates the company's commitment to prioritizing its customers' safety over financial gain.

The $20 Million Bounty Program

As part of its 'Bounty' program, Coinbase is offering a $20 million reward fund to anyone who can provide information that leads to the arrest and conviction of those responsible for the attack. Individuals with relevant information are encouraged to email security@coinbase.com.

Quick Action Against Insider Perpetrators

Coinbase has swiftly taken action against the insider perpetrators, firing them immediately and referring them to US and international law enforcement. The company is also reimbursing customers who were tricked into sending funds to the attackers as a result of social engineering attacks.

Enhancing Security Measures

To prevent similar incidents in the future, Coinbase is implementing additional security measures, including:

* Requiring extra ID checks on large withdrawals from flagged accounts * Displaying mandatory scam-awareness prompts * Opening a new support hub in the US to strengthen its support operations * Strengthening security controls and monitoring across all locations * Increasing investment in insider-threat detection and automated response * Simulating similar security threats to identify potential vulnerabilities

Collaboration with Law Enforcement

Coinbase is also collaborating with law enforcement and the private sector to identify the attackers' addresses, enabling authorities to track and potentially recover the stolen assets. The company intends to press criminal charges against those who carried out the cyber-attack.

Avoided Exposure of Sensitive Data

While the company confirmed that customer data was stolen, Coinbase assured that no passwords, private keys, two-factor authentication (2FA) data or funds were exposed. Additionally, the attackers have not been able to access or move customer funds, including hot and cold cryptocurrency wallets.

Impact of the Breach

The data breach affected less than 1% of Coinbase's monthly transacting users. The company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements related to this incident, according to its filing with the US Securities and Exchange Commission.

A Message to Customers

Coinbase has reiterated its commitment to protecting its customers' data and ensuring their security. The company will continue to work tirelessly to strengthen its defenses against cyber threats and provide a safe and secure environment for its users.

Stay tuned for further updates on this developing story as more information becomes available.