A Coinbase hack has seen some customers tricked into sending funds to the attackers, with the company estimating that they suffered losses of somewhere between $180M and $400M.
The attackers also stole personal data, after Coinbase refused to pay a ransom demand – instead reporting the hack to law enforcement, and offering a $20M reward for information on the perpetrators …
Reuters reports that the crypto company’s shares fell following the disclosure.
Coinbase forecast a hit between $180 million and $400 million from a cyber attack that breached account data of a “small subset” of its customers, sending the crypto exchange’s shares down 3% in premarket trading on Thursday […]
Coinbase said that while the attackers stole some data including names, addresses and emails, they did not get access to login credentials or passwords. It will, however, reimburse the customers who were tricked into sending funds to the attackers.
The hackers reportedly bribed employees and contractors to hand over information from internal systems.
A $20M ransom was demanded, but Coinbase refused to pay, choosing instead to work with law enforcement – and offer the same sum as a reward for information on the criminals behind the attack. The employees and contractors involved have been fired, and will likely face criminal investigation.
“Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident,” said Coinbase.
9to5Mac’s Take
This clearly could have been very much worse. Coinbase has done the right thing in refusing to pay the ransom, and spending up to $400M in reimbursing customers is a small price to pay to maintain confidence in the exchange.
Highlighted accessories
FTC: We use income earning auto affiliate links. More.
