Coinbase, the largest US crypto exchange, said it received a $20 million ransom demand from hackers who stole customer data.

The malicious actors bribed customer service agents based in India, gaining access to privileged information such as client names, dates of birth, addresses, and bank details. They demanded the $20 million ransom in exchange for deleting the data. The company, however, responded to the threat by offering the equivalent amount of money for information leading to arrests and convictions.
$400m reimbursement fund
Coinbase shares slumped 7% following the announcement of the incident, only days after the stock had been added to the S&P 500 benchmark index. The company said it has set up a $400 million fund to reimburse customers who were affected by the hack, and it immediately dismissed employees involved in wrongdoing.
“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” Coinbase said in a statement on its website. “No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched.”
Even though less than 1% of Coinbase users were affected, the type of information gained by the attackers is sensitive and could be used in social engineering scams to impersonate Coinbase, or to gain access to other accounts.
Reputational risks
Speaking to Reuters, Bo Pei, an analyst at U.S. Tiger Securities, cautioned that "the cyber-attack may push the industry to adopt stricter employee vetting and introduce some reputational risks."
For Coinbase, which had celebrated its inclusion in the “prestigious” S&P 500 as a “milestone” just a few days ago, the data theft brings an unwelcome mixture of reputational damage, financial cost and time spent on the investigations that will follow.