Skip to content Skip to sidebar Skip to footer
Crypto Scoop

Crypto Exchange Coinbase Refuses $20 Million Ransom Demand, Offers Reward Instead

3 days ago

by Sylvester Iyere

The cryptocurrency industry has seen a surge in ransom demands in recent years, with hackers targeting major players in the space. The latest victim is Coinbase, one of the largest cryptocurrency exchanges in the world. According to a statement made by Coinbase founder and CEO Brian Armstrong, the company received a ransom note demanding $20 million in bitcoin in exchange for not releasing sensitive customer information.

Coinbase Refuses to Pay Ransom; Attackers Targeted Customer Support Agents

In a bold move, Armstrong announced that Coinbase would not be paying the ransom. “We are not going to pay your ransom,” he stated. Instead, the company is taking steps to protect its customers and bring the attackers to justice.

“We like to do things transparently here at Coinbase, and so I’m going to respond publicly to these attackers by saying no,” Armstrong said.

According to Armstrong, the attackers attempted to bribe overseas customer support agents to gain access to sensitive customer information. “Now, unfortunately,” said Armstrong, “they were able to find a few bad apples.”

While the company’s support tools have limited access to customer information, the attackers were still able to obtain personal data such as names, dates of birth, and addresses. This information could be used to conduct social engineering attacks, where hackers impersonate Coinbase customer support and trick customers into sending their funds to the attacker.

Limited Impact, But Unacceptable Nonetheless

Fortunately, the impact of the attack was limited, with less than 1% of Coinbase’s monthly transacting users having their records accessed:  “Our systems are designed to mitigate the impact of something like this, so less than one percent of our monthly transacting users had their records accessed …”

However, Armstrong emphasized that this is still unacceptable. “This is still unacceptable,” he said. “And I want to tell you what we’re doing about it.”

Read also: Crypto market plunges as Bybit suffers $1.4 billion hack.

Reimbursement and System Hardening

Coinbase is taking several steps to address the incident. 

Firstly, Coinbase will reimburse any customers who were socially engineered as a result of the attack. “Any customers that were socially engineered as a result of this incident, we’re going to reimburse them,” Armstrong stated. 

Additionally, Coinbase is hardening its systems around customer support to prevent similar incidents in the future. The company is also relocating some of its customer support operations. In Armstrong’s words, “Number two, we’re hardening our systems around customer support to make something like this much more difficult in the future. And third, we’re actually relocating some of our customer support operations as a result of this.”

$20 Million Reward for Useful Information to Apprehend Attackers

But perhaps the most significant move is Coinbase’s decision to offer a $20 million reward for any information leading to the arrest and conviction of the attackers. “Instead of paying this $20 million ransom, we’re turning it around,” Armstrong said. “And we’re putting out a twenty million dollar award for any information leading to the arrest and conviction of these attackers.”

In a clear message to would-be extortionists, Armstrong stated, “But to these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice.” 

With this move, Coinbase is sending a strong signal that it will not be intimidated by ransom demands and will take all necessary steps to protect its customers and bring attackers to justice.

Read also: The Five Biggest Crypto Hacks in History

Significance of Coinbase’s Move: A Lesson for the Crypto Industry

Coinbase’s decision to refuse the ransom demand and offer a reward instead sets a significant precedent for the crypto industry. By taking a firm stance against extortionists, Coinbase is demonstrating that it prioritizes customer security and safety over potential financial losses. This move sends a strong message to other crypto exchanges and other operators in the industry, highlighting the importance of prioritizing security and customer protection.

However, Coinbase needs to improve its cybersecurity architecture, ensuring that identified weak links are taken out of the system, whether human or otherwise.

Meanwhile, the crypto industry can learn from Coinbase’s response in several ways:

  1. Prioritize customer security: Coinbase’s decision to reimburse affected customers and harden its systems demonstrates the importance of prioritizing customer security and safety.
  2. Don’t give in to ransom demands: By refusing to pay the ransom, Coinbase is sending a strong signal that it will not be intimidated by extortionists.
  3. Collaborate with law enforcement: Coinbase’s decision to offer a reward for information leading to the arrest and conviction of the attackers demonstrates the importance of collaborating with law enforcement to bring attackers to justice.
  4. Monitor the customer unit: Operators should ensure that there are adequate measures in place to effectively manage and monitor the customer care aspect—as well as other aspects—of their operations as this unit often deals with the personal data of customers.

Overall, Coinbase’s response to the ransom demand is a significant step towards promoting a safer and more secure crypto industry. Other companies and exchanges can learn from this example and take proactive steps to protect their customers and prevent similar incidents.

Read also: Read: Why Collaboration is Vital in the Crypto Industry: The Bybit Hack and Bitget $106million Example

Avoiding Social Engineering Techniques by Crypto Hackers

To protect yourself from social engineering attacks, follow these best practices:

Verification and Authentication

  • Verify Identity: Always double-check the authenticity of the other party, especially if they request sensitive information. Use official contact points, not links or emails they provide.
  • Enable Multi-Factor Authentication (MFA): Use an authenticator app instead of SMS-based MFA. Consider using passkeys for added protection where supported.

Protecting Personal Information

  • Be Mindful of Personal Information: Scammers mine social media for clues to craft convincing attacks. Avoid sharing sensitive information online, such as:
  • Seed Phrases: Never share your seed phrases, passwords, or private keys with anyone, including those claiming to be customer support.
  • Personal Details: Refrain from answering Twitter quizzes or sharing personal details that could be used to guess security questions.
  • Limit Social Media Sharing: Avoid sharing too much information on social media and public forums, as this can be used to craft targeted attacks.

Additional Tips

  • Stay Educated: Follow official announcements to stay updated on new scams and join crypto security communities to learn from others’ experiences.
  • Practice Due Diligence: Always research and verify information before taking action, and be cautious of unsolicited offers or requests.

Read also: How do hackers carry out phishing to access my crypto account (Coinbase as a case study)?

Discover more from Crypto Asset Buyer

Subscribe to get the latest posts sent to your email.

Tags:

Related Posts

Crypto Scoop October 20, 2024

Brazil’s Central Bank tests DeFi features in its CBDC pilot.

etoro crypo exchange
Crypto Scoop September 21, 2024

eToro and US SEC settlement: Takeaways for digital assets operators

Discover more from Crypto Asset Buyer

Subscribe now to keep reading and get access to the full archive.

Continue reading