- Coinbase rejects $20M ransom after social engineering breach affects under 1% users.
- Stolen data includes IDs and contacts; private keys and accounts remain secure.
- Coinbase boosts security, offers $20M reward, and cooperates with global law enforcement.
Coinbase has revealed that a recent security breach involving a small portion of its user base was the result of a targeted social engineering attack. The company said that overseas customer representatives were offered bribes by criminals trying to reach customer data. Because of the incident, Coinbase launched an investigation and refused to give in to a $20 million ransom demanded by the attackers, as it only affected fewer than 1% of users every month.
Stolen Data Includes IDs, Contacts—Private Keys Remain Secure
To be transparent, Coinbase said that while the attackers took some customer data, no sensitive data was affected and user accounts were fully secure. The stolen information involved names, addresses, phone numbers, and email addresses. It also includes some restricted financial data, such as disguised Social Security numbers and bank account information.
Hackers also stole some documents and training files. Moreover, they accessed records containing ID images and past transactions. They could not get login secrets, private keys, or two-factor verification codes, nor were they able to get into or send funds through Coinbase or its customers’ accounts.
Coinbase chose not to pay the requested ransom and decided to face the attack from the beginning. Coinbase said that it would repay users who lost money due to the social engineering tactic. To protect against similar situations, Coinbase has added several additional security systems. They include making it harder to transfer a lot of funds, setting up a support center in the U.S. with improved supervision, and expanding ways to detect and block suspicious actions.
Coinbase decided not to pay the ransom and instead declared a $20 million reward for any information leading to the arrest of the people responsible. First, they are actively searching for the stolen funds. Additionally, they are working with police from the United States and other countries. Coinbase instantly removed the employees involved and reported them to authorities for criminal charges.
Coinbase Alerts Users to Stay Vigilant Against Fraud Attempts
Meanwhile, Coinbase has reached out to users, informing them and advising all customers on how to protect themselves from similar fraud. Coinbase sent a reminder to all users, stating it does not request login details, 2FA codes, or transfers to unknown destinations. Armstrong noted that the company is interested in expanding globally, either by acquisition or partnerships.
Despite the event, Coinbase has accomplished a significant achievement. Coinbase recently achieved a major milestone by being the first crypto firm to be part of the S&P 500 Index. Many see the S&P 500’s interest in Coinbase as a good omen for cryptocurrency’s increase in popularity.
Coinbase CEO Brian Armstrong recently highlighted the company’s global expansion ambitions. He mentioned that Coinbase is likely to pursue additional mergers and acquisitions. Moreover, these efforts will support the company’s international growth and the launch of new products. As a result, Coinbase aims to strengthen its global presence and service offerings.
In response to rumors about purchasing Circle, Coinbase CEO Brian Armstrong confirmed on Bloomberg that there was currently no news to announce on that topic. Coinbase is successfully handling both risks and opportunities because it has a solid foundation and a clear vision.
The post Coinbase Refuses $20M Extortion Demand After Data Leak appeared first on Live Bitcoin News.