The hunter has become the hunted. After criminals tried to blackmail Coinbase by demanding $20 million in Bitcoin not to spill the details of a data robbery, the crypto giant has turned around and offered the same sum to whoever turns them in. At a time when crypto crime remains rampant, Coinbase's gambit is a bold if unconventional attempt to punish those who carry it out.
In a company blog post published on Thursday morning, Coinbase revealed that criminals had bribed overseas customer support agents to hand over records, including customer addresses, phone numbers, government IDs and partial details of bank and Social Security records. The company says the stolen data—which did not include log-in credentials or access to wallets—represented fewer than 1% of active monthly transacting customers. Based on Coinbase's latest earnings report, that means fewer than 84,000 customers were affected.
In an interview with Fortune, Coinbase Chief Security Officer Philip Martin said the compromised customer agents, who have all been fired, worked in India. This suggests the crooks who bribed them are likely Indian nationals though that is not confirmed.
The criminals used the data to direct social engineering scams at Coinbase customers, posing as company employees so as to trick them into compromising their accounts. Coinbase did not say how many customers fell for the scams, but did say it would make whole those who did. "It sucks but when we see a problem like this we want to own it and make it right, and that’s what we're doing," said Martin.
Part of that response is refusing to give in to the criminals' blackmail demands, which came in the form of an email saying they would publish the customer data on the Internet unless Coinbase paid $20 million. Martin says this tactic, where cyber gangs demand money from a company not to reveal they got hacked, is becoming more common—but that Coinbase refused to go along with it.
"The knee-jerk reaction of every single person who heard we were being extorted was 'hell no!'" said Martin.
Until Thursday morning, the criminals had been waiting for Coinbase's response to the extortion demand—and now they have it: It will pay $20 million to those who supply information leading to the arrest and conviction of the crooks. The company, which says tipsters can use the email security@coinbase.com, also said it is working with U.S. and international law enforcement to track down the criminals.
The nature of their scam—impersonating trusted or well known crypto companies or executives—is very common in the crypto world. In its blog post, Coinbase reminded users it will never contact them to ask for their password or 2FA or to move their funds to a different wallet, and to hang up the phone if they receive such a request.
This story was originally featured on Fortune.com
Read More Details
Finally We wish PressBee provided you with enough information of ( Coinbase puts $20 million bounty on crooks who tried to extort firm over stolen customer data )
Also on site :