Coinbase says cyber criminals stole customer data and demanded $20 million ransom

Coinbase, nan largest cryptocurrency speech based successful nan US, said criminals had improperly obtained individual information connected nan exchange’s customers for usage successful crypto-stealing scams and were demanding a $20 cardinal (€17.6 million) costs not to publically merchandise nan information.

Coinbase CEO Brian Armstrong said successful a societal media station Thursday that criminals had bribed immoderate of nan company’s customer work agents who unrecorded extracurricular nan US to manus complete individual information connected customers – including names, dates of birth, and partial nationalist recognition numbers.

The stolen information “allows them to behaviour societal engineering attacks wherever they tin telephone our customers impersonating Coinbase customer support and effort to instrumentality them into sending their costs to nan attackers,” Armstrong said.

Social engineering is simply a celebrated hacking strategy, arsenic humans thin to beryllium nan weakest nexus successful immoderate network. Many ample companies person suffered hacks and information breaches arsenic a consequence of specified scams successful caller years.

Coinbase did not specify really galore customers had their information stolen aliases fell prey to societal engineering scams. But nan institution did promise to reimburse immoderate who did.

In a filing pinch nan US Securities and Exchange Commission (SEC), Coinbase estimated that it would person to walk betwixt $180 cardinal to $400 cardinal (€158 cardinal to €352 million) related to remediation and customer reimbursements tied to nan bribes.

The SEC filing said that nan institution had detected immoderate of its customer work agents “accessing information without business need”.

Those labor had been fired, nan institution said, and it has since stepped up its fraud prevention efforts.

Coinbase said it received an email from nan attackers connected Sunday demanding a ransom of $20 cardinal (€17.6 million) worthy of bitcoin successful bid not to publically merchandise nan customer information they had stolen.

Armstrong said nan institution was refusing to salary nan ransom and would alternatively connection a $20 cardinal (€17.6 million) bounty for anyone who provided accusation that led to nan attackers’ arrest.

“For these would-be extortionists aliases anyone seeking to harm Coinbase customers, cognize that we will prosecute you and bring you to justice,” Armstrong said.

“And cognize you person my answer”.