Coinbase Hit by Cyberattack: Thieves Demand $20 Million Ransom
Coinbase, the largest cryptocurrency exchange based in the United States, has suffered a devastating cyberattack. The company revealed that hackers had stolen sensitive customer data and were demanding a ransom of $20 million in bitcoin not to publicly release the information.
How Did the Hack Happen?
Coinbase CEO Brian Armstrong stated in a social media post that some of the company's customer service agents living outside the United States had been bribed by criminals. These agents had handed over personal data on customers, including names, dates of birth, and partial social security numbers.
Armstrong explained that this stolen data allows hackers to conduct "social engineering attacks," where they impersonate Coinbase customer support and trick victims into sending their funds to the attackers.
The Impact of Social Engineering
Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Many large companies have suffered hacks and data breaches due to such scams in recent years.
Coinbase did not specify how many customers had their data stolen or fell prey to social engineering scams. However, the company pledged to reimburse any affected individuals.
Consequences for Coinbase
The shares of Coinbase plummeted 6% in trading around midday. Despite this setback, the shares are still up about 22% this month due to gains in bitcoin and other cryptocurrencies.
In a filing with the Securities and Exchange Commission, Coinbase estimated that it would need to spend between $180 million and $400 million "relating to remediation costs and voluntary customer reimbursements relating to this incident."
Ransom Demand
The attackers sent an email to Coinbase on Sunday demanding a ransom of $20 million worth of bitcoin not to publicly release the stolen customer data.
Armstrong stated that the company would refuse to pay the ransom and instead offered a $20 million bounty for anyone who provided information that led to the attackers' arrest.
"For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice," Armstrong said. "And know you have my answer."
A Message from Coinbase's CEO
Armstrong emphasized that the company is committed to protecting its customers' data and will take all necessary steps to prevent such attacks in the future.
"We value our customers' trust, and we're committed to doing everything in our power to keep their information safe," Armstrong said.