
Coinbase Offers $20 Million Bounty To Catch Data Thieves After Extortion Attempt (fortune.com) 17

Cryptocurrency exchange Coinbase said Thursday it is offering a $20 million reward for information leading to the arrest and conviction of criminals who attempted to extort the company for the same amount after stealing customer data.

The criminals bribed customer support agents in overseas markets to access records containing addresses, phone numbers, government IDs, and partial bank and Social Security details of more than 80,000 customers. "It sucks but when we see a problem like this we want to own it and make it right," Coinbase Chief Security Officer Philip Martin told Fortune.

The company will reimburse customers who fell victim to subsequent social engineering scams. No login credentials or wallet access were compromised in the breach. The extortionists had threatened to publish the stolen information unless paid $20 million in Bitcoin.

  • Is this $20 million in real or fun money?
  • And stop this crypto scam going. Every cryptography researcher has got cryptocurrency in their crosshairs, it's only a matter of time before the whole thing blows up.
    • And stop this crypto scam going. Every cryptography researcher has got cryptocurrency in their crosshairs, it's only a matter of time before the whole thing blows up.

      No need to even wait for a hack of the scheme. So many different crypto coins are available for those who think they missed the boat on Bitcoin that the crypto market will die of the very hyperinflation that Bitcoin was intended to cure.

  • and mafia-on-mafia fights are usually pretty ugly.

    At best Coinbase is basically an online casino. Their major business is to present crypto as a "legit investment" to normal folks who want to gamble. They've probably got healthy side businesses supporting criminality and wash trading. I registered for Coinbase 5 years ago, that was my only interaction with them, and they never stopped flooding me with "BUY THE CRYPTO DIP NOW NOW NOW" emails.
  • by Tablizer ( 95088 ) on Thursday May 15, 2025 @11:40AM (#65378785) Journal

    ...N. Korea.

  • by Arrogant-Bastard ( 141720 ) on Thursday May 15, 2025 @12:07PM (#65378853)
    Their version: "The criminals bribed customer support agents in overseas markets to access records containing addresses, phone numbers, government IDs, and partial bank and Social Security details of more than 80,000 customers."

    Correct version: "We, Coinbase, were too cheap to vet and hire customer support agents locally, so we outsourced support to sketchy people at sketchy operations elsewhere, and then we strongly encouraged them to accept bribes by severely underpaying them while simultaneously giving them unlimited, unaudited access to as much sensitive customer information as possible. Now we're grandstanding in an attempt to distract attention from our own incompetence."
    • But did they save $20M by doing so?

      They were also using that Signal clone that sent all comms through cleartext SMTP to Outlook (per sggrc) and probably foreign intelligence so the nature of the company is quite an uncertainty.

    • by rskbrkr ( 824653 )

      Correct version: "We, Coinbase, were too cheap to vet and hire customer support agents locally, so we outsourced support to sketchy people at sketchy operations elsewhere, and then we strongly encouraged them to accept bribes by severely underpaying them while simultaneously giving them unlimited, unaudited access to as much sensitive customer information as possible. Now we're grandstanding in an attempt to distract attention from our own incompetence."

      This is predicated on the assumption that overseas customer support is automatically more sketchy than domestic customer support. I believe the Philippines, which is a popular option for customer support, generally has a lower rate of crime than the US.

      • Actually, they are in India. Regardless, it's not exactly prudent to offshore liability to strangers whom you don't verify, monitor, or know. Childish to think you can crowdsource vigilante justice when dealing with an organized, possibly government backed, crime syndicate.

        Is twenty million really adequate compensation for spending the rest of your life looking over your shoulder? Like they say, you can't cheat an honest man. Could you trust a company this shady, erm, naive to actually pay the bounty?
  • If more companies would not only put a monetary bounty on these crooks but also specify "dead or alive," perhaps it would start to put a dent in their activities. They're already operating from countries that either look the other way or actively assist them in their activities. Putting a death mark on them ups the stakes considerably and allows the use of...ahem...alternate actors...ahem...that can operate beyond the law to get actual results.

  • by smooth wombat ( 796938 ) on Thursday May 15, 2025 @12:22PM (#65378887) Journal
    Coinbase is saying it could cost up to $400 million for remediation AND reimbursement to customers [marketwatch.com]. The $20 million is on top of this, if it is ever paid out.
  • KYC/AML Caused this (Score:2, Interesting)

    by turbotalon ( 592486 )
    Well-intentioned KYC/AML laws meant Coinbase had to have this information on file. This kind of extortion and theft would not be possible if Coinbase didn't have the info in the first place. Coinbase bears responsibility for having poor systems in place, but government regulators are ultimately responsible as well.
    • Well, if the government weren't responsible for this breach, they'd be responsible instead for massive amounts of dirty money being laundered through Coinbase's systems. (At least by your method of attributing responsibility.)

      Would you rather have the crooks who are enabled by lack of regulation, or the crooks who are enabled by the presence of regulation?

  • Any attack of significance is likely going to be by a nation-state actor, so arrest is a non-starter. Even if it is a cybercrime gang then they are almost certainly going to be in Russia or Romania. Again, not getting arrested. Even if you somehow luck out and they get arrested, you need to wait for them to be not merely prosecuted but also convicted, which means they have to also exhaust all their appeals. So if you somehow manage to clear all that then it'll likely be a payout in seven years. Chances of ge

  • This is a good model for other companies on how to handle ransom requests.
