Coinbase, the leading cryptocurrency exchange based in the U.S., made a shocking announcement on Thursday. The company revealed that criminals had gained unauthorized access to personal data belonging to its customers. These malicious actors were using the stolen information for crypto-stealing scams and were demanding a hefty $20 million ransom to prevent the public release of the data.
According to Coinbase CEO Brian Armstrong, the criminals had bribed some of the company’s customer service agents who reside outside the U.S. These agents were coerced into handing over sensitive customer data such as names, dates of birth, and partial Social Security numbers. This stolen information allowed the criminals to carry out social engineering attacks, in which they impersonated Coinbase customer support to trick customers into sending their funds to the attackers.
Social engineering attacks have become a prevalent hacking strategy because they exploit human behavior as the weak point in a network. Many large companies have fallen victim to such scams in recent years, leading to hacks and data breaches.
While Coinbase did not disclose the exact number of customers affected by the data breach or social engineering scams, the company said it would reimburse any impacted individuals. As a result of this incident, Coinbase’s shares experienced a 6% decline in trading, despite a 22% increase earlier in the month due to gains in cryptocurrencies like bitcoin.
In a filing with the Securities and Exchange Commission, Coinbase estimated that it would incur remediation costs and voluntary customer reimbursements ranging from $180 million to $400 million related to the incident. The company acknowledged that in previous months, some customer service agents had accessed data without a legitimate business need, leading to their termination. Coinbase has since implemented enhanced fraud prevention measures to prevent similar incidents in the future.
Following an email from the attackers demanding a $20 million ransom in bitcoin, Coinbase refused to pay and instead opted to offer a $20 million bounty for information leading to the arrest of the perpetrators. Armstrong emphasized that the company would not tolerate extortion or any actions that harm Coinbase customers, promising to prosecute the attackers and bring them to justice.
For those attempting to extort Coinbase or harm its customers, Armstrong’s message was clear: the company will not yield to ransom demands and is committed to holding perpetrators accountable for their actions. The firm stance against criminal activity underscores Coinbase’s dedication to safeguarding its customers’ data and maintaining the integrity of its platform.