In a daring step against cyber crime, Coinbase, a prominent cryptocurrency exchange, offers a reward of $ 20 million to anyone who can help identify and down the perpetrators of a recent cyber attack, instead of collapsing their ransom.
Coinbase reported on 15 May that cyber criminals put a group of rogue overseas supporting agents and recruited to steal its customer data and to facilitate social engineering attacks.
The attackers were planning to use the stolen data to pretend to be a coinbase and cheat customers to transfer their cryptocurrency companies.
The American Crypto company was asked to pay a ransom of $ 20 million to put an end to the scam.
Coinbase, however, refused to pay the ransom publicly. Instead, it works together with experts in the field of law enforcement and security sector to trace the stolen funds and to hold those responsible for the scheme responsible.
The $ 20 million reward fund is part of a ‘Bounty’ program that is launched by Coinbase. The funds are granted to anyone who can provide information that leads to the arrest and conviction of criminals responsible for the attack.
People with relevant information are encouraged to e -mail security@coinbase.com.
Coinbase’s response to the cyber attack
Coinbase has quickly taken action against the Insider capers, fired them immediately and refers to the American and international law enforcement.
The cryptocurrency exchange will repay customers who have been misled to send money to the attackers as a result of social engineering attacks.
In addition, the company stated that the additional guarantees implemented, including the requirement of additional ID checks on large recordings of marked accounts and displaying compulsory prompts of scam consciousness.
The company also strengthens its support activities by opening a new support hub in the US, strengthening security controls and monitoring at all locations.
It also harasses his defense by increasing investments in insider threat and automated response, as well as simulating similar security threats to identify potential vulnerabilities.
Coinbase also cooperates with law enforcement and the private sector to identify the addresses of the attackers, allowing authorities to follow the stolen assets and possibly restore it.
Finally, Coinbase is planning to press criminal prosecution against those who have carried out the cyber attack.
Datalek Impact
According to Coinbase, the hackers managed to get the following customer data:
- Name, address, telephone and e -mail
- Masked social security (only four digits)
- Masked Bank account numbers and some bank account IDIFIERS
- Government -ID images (e.g. license for driving license, passport)
- Account data (Balans Snapshots and Transaction History)
- Limited company data (including documents, training material and communication available to support agents)
However, the company ensured that no passwords, private keys, two-factor authentication (2FA) data or funds were exposed. Moreover, the attackers do not have access to customer funds, including hot and cold cryptocurrency portfolios. In addition, Coinbase confirmed that the Coinbase Prime accounts remained completely unaffected by the infringement.
The data breach influenced less than 1% of the monthly Coinbase transactions.
Coinbase has provisionally estimated expenditure within the range of approximately $ 180 million to $ 400 million with regard to remediation costs and voluntary customer allowances with regard to this incident, according to the submission to the US Securities and Exchange Commission.
Photo credits: Nadezda Murmakova/Joca_ph/Shutterstock