Coinbase Announces $20 Million Reward to Dismantle Cybercrime Organization Responsible for Hack

In a decisive action against cybercrime, Coinbase, a leading cryptocurrency exchange, has announced a $20 million reward aimed at identifying and apprehending those responsible for a recent cyberattack, opting to resist the ransom demands made by the attackers.

On May 15, Coinbase disclosed that cybercriminals had illicitly recruited overseas support agents to steal customer data and stage social engineering attacks. The attackers had intended to leverage the stolen information to impersonate Coinbase, thereby deceiving users into surrendering their cryptocurrency assets.

Initially, the attackers demanded a ransom of $20 million to cease their operations. However, Coinbase has publicly stated its refusal to comply. The company is actively collaborating with law enforcement and cybersecurity experts to trace the stolen funds and bring the perpetrators to justice. The $20 million reward fund is part of a newly launched bounty program at Coinbase, which aims to incentivize individuals with information that could lead to the arrest and conviction of those involved in the attack. Relevant information can be reported via email at [email protected].

Coinbase’s Strategic Response

In response to the insider involvement in the breach, Coinbase has acted swiftly by terminating the employment of those implicated and has referred them to both U.S. and international law enforcement agencies. The exchange has also committed to reimbursing customers who have been deceived into sending funds to the attackers as part of social engineering schemes.

To enhance its protection measures, Coinbase is instituting additional safeguards, including mandatory identification checks on large withdrawals from suspicious accounts and implementing scam-awareness warnings for users. Furthermore, the company is expanding its customer support operations by establishing a new support center in the United States, augmenting security controls, and enhancing monitoring across all operational locations.

Coinbase is focused on fortifying its defenses by increasing investments in insider threat detection technologies and automated response mechanisms, as well as conducting simulations of potential attacks to uncover vulnerabilities. In parallel, the firm is partnering with law enforcement and the private sector to analyze the digital track of the attackers, which could assist authorities in recovering the misappropriated assets. Additionally, Coinbase plans to pursue criminal charges against those responsible for the cyber intrusion.

Assessment of Data Breach Impact

The data breach resulted in hackers gaining access to a range of customer information, including:

– Names, addresses, phone numbers, and emails
– Masked Social Security numbers (last four digits only)
– Masked bank account numbers and related identifiers
– Government identification images (e.g., driver’s license, passport)
– Account details (including balance snapshots and transaction histories)
– Limited corporate data, such as documents and communication accessible to support agents

Despite the breach, Coinbase has assured customers that no passwords, private keys, two-factor authentication data, or funds were exposed. Moreover, the attackers were unable to access or transfer customer funds stored in both hot and cold wallets. Coinbase confirmed that its Coinbase Prime accounts remained completely unaffected by this incident.

The breach impacted less than 1% of Coinbase’s monthly transacting users. Preliminary estimates from the company indicate that remedial expenses could range between $180 million and $400 million, which includes costs for addressing the breach and compensating affected customers, as reported in filings with the U.S. Securities and Exchange Commission.