Coinbase has announced a $20 million reward program aimed at identifying and prosecuting those responsible for a recent data breach involving bribed customer service agents and extortion attempts.
The breach, which affected less than 1% of the company’s monthly transacting users, involved cybercriminals paying overseas support staff to access sensitive customer information from internal systems.
However, Coinbase reassured users that passwords, private keys, and access to customer funds were not compromised and that Coinbase Prime accounts were unaffected.
The attackers used the stolen data, which included names, contact information, masked Social Security Numbers, bank details, and account activity, to attempt social engineering scams by impersonating Coinbase.
Following the breach, the criminals demanded a ransom of $20 million, which Coinbase firmly rejected. Instead of complying, the company is offering a reward for information that leads to the arrest and conviction of the individuals involved in the attack.
Coinbase has committed to reimbursing any retail customers who may have been deceived into sending funds due to this incident, and affected users have already been notified. In light of the breach, the company has taken several proactive security measures.
These include establishing a new customer support hub in the U.S., enhancing systems to detect insider threats, implementing mandatory scam-awareness prompts, and conducting identity checks for flagged accounts. Additionally, Coinbase is working closely with law enforcement to trace any stolen funds.