Coinbase Hit by Cyber Attack: $20M Ransom Demanded

Crypto-exchange Coinbase has revealed that it was the victim of a cyber attack, with hackers breaching customer data and demanding a staggering $20 million ransom payment in exchange for not releasing the stolen information publicly.

How Did It Happen?

Coinbase CEO Brian Armstrong explained on social media that the company's customer service agents living outside the U.S. had been bribed by the hackers to hand over personal data of Coinbase customers, including names, dates of birth, and partial social security numbers.

"The stolen data allows them to conduct social engineering attacks where they can call our customers impersonating Coinbase customer support and try to trick them into sending their funds to the attackers," Armstrong said. Social engineering is a popular hacking strategy that exploits human psychology, making it difficult for even the most secure systems to withstand.

Consequences of the Hack

While Coinbase did not specify how many customers had their data stolen or fell prey to social engineering scams, the company pledged to reimburse any affected customers. In a filing with the Securities and Exchange Commission (SEC), Coinbase estimated that it would have to spend between $180 million to $400 million on remediation costs and voluntary customer reimbursements.

Ransom Demand

The hackers sent an email to Coinbase on Sunday, demanding a ransom of $20 million worth of bitcoin in exchange for not publicly releasing the stolen customer data. However, Armstrong refused to pay the ransom, instead offering a $20 million bounty for anyone who provided information that led to the attackers' arrest.

Response from Coinbase

"For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice," Armstrong said. "And know you have my answer." The company has vowed to take action against those responsible for the hack and ensure that its customers' data is protected.