The Coinbase exchange has placed a $20 million bounty on attackers who stole some of its customers’ information and requested the same amount as a ransom payment.
In a video message on 15 May, the exchange’s co-founder and CEO Brian Armstrong said the damage was minimal but unacceptable, and the management is placing the bounty on the attackers instead of paying them as ransom.
Little but unacceptable
Armstrong said the attackers were only able to steal basic information, such as the age, date of birth, and address, of less than 1% of Coinbase customers, thanks to “a few bad apples” among its customer support agents.
Although no passwords, private keys or funds were accessed, he said the incident was unacceptable as customer protection is a top priority for the exchange. He also said that concrete steps have been taken to ensure the situation does not repeat itself.
One of the steps is to reimburse any customers who were successfully socially engineered as a result of the incident; affected customers can find further information on the process on the Coinbase website.
Additionally, the exchange is strengthening its system around customer support and is relocating some of its customer support operations to prevent any future repetition of this incident.
Finally, the $20 million bounty is going to anyone with useful information that could lead to the arrest of the attackers.
A word of caution
Crypto scams and hacks with ransom demands are quite common, and mostly happen due to attacks on centralized exchanges like this.
Although this is not the fault of Coinbase users, it is why some experts have advocated for the use of decentralized exchanges rather than centralized exchanges.
With Coinbase affected as a major centralized exchange, though, other leading exchanges may take the cue to strengthen their security to prevent similar attacks.