Coinbase launches $20M bounty after rogue agents leak customer data

Home » Business » Coinbase launches $20M bounty after rogue agents leak customer data

The firm says it has improved security and collaborated with law enforcement to address internal threats and prevent future breaches.

Coinbase has launched a $20 million reward program to identify and bring to justice the perpetrators behind a recent data breach that involved bribed customer service agents and attempted extortion, the company said in a Thursday announcement.

The crypto exchange disclosed that cybercriminals paid overseas customer support agents to extract sensitive customer data from internal systems.

The breach affected less than 1% of Coinbase’s monthly transacting users but did not compromise passwords, private keys, or access to customer funds, Coinbase stated. Coinbase Prime accounts remain unaffected.

The attackers attempted to use the stolen information, including names, contact details, masked SSNs and bank data, and account activity, to conduct social engineering scams impersonating Coinbase. After the breach, the perpetrators issued a $20 million ransom demand, which Coinbase firmly rejected.

“We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received,” Coinbase said in the announcement. “Instead, we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”

The company confirmed that any retail customers who were tricked into sending funds as a result of this incident would be reimbursed following an internal review. Affected users have already been notified.

In response to the breach, Coinbase implemented several security measures, including opening a new US-based customer support hub, strengthening insider threat detection systems, adding mandatory scam-awareness prompts and ID checks for flagged accounts, and collaborating with law enforcement to trace stolen funds.

“For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice. And now you have my answer,” said Coinbase CEO Brian Armstrong in a video statement.