Coinbase Refuses $20M Ransom, Offers $20M Reward After Cyber Attack

Coinbase, a leading name in the cryptocurrency industry, faced a significant cyber attack on May 15. The attackers targeted customer data and demanded a $20 million ransom. However, Coinbase CEO Brian Armstrong refused to comply with the demands, releasing a statement on the X platform affirming, “We are not going to pay ransom.” Armstrong's decision underscores Coinbase's commitment to protecting its users, not just through technological means, but also through principled actions. This stance sends a clear message to cyber criminals that intimidation tactics will not be effective against the company.

The extortion attempt affected less than 1% of Coinbase’s monthly active users. The attackers bribed a few overseas support agents to gain limited access to data. However, Armstrong confirmed that no sensitive information, such as passwords, private keys, or funds, was compromised. The prime accounts remained secure throughout the incident. Armstrong also mentioned that the affected customers would be reimbursed for any losses incurred due to the breach.

According to Armstrong, the cyber criminals approached a few offshore Coinbase users and offered them a bribe to obtain customer information. The data accessed was minimal, affecting only 1% of users and not compromising their financial assets. The attackers also sent emails to certain customers seeking information. Coinbase discovered the breach promptly and took immediate action, limiting access to customer support, securing systems, and launching an investigation.

In response to the attack, Coinbase released a statement: “We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead, we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.” This move is one of the largest corporate bounties ever issued for cybercrime, demonstrating the company's seriousness in addressing this threat. The bounty aims to not only catch the criminals but also raise awareness among investors about the importance of user trust and security.

This incident highlights the broader implications for the digital finance ecosystem. Coinbase plans to enhance its internal systems, including stricter access controls, enhanced monitoring, and more rigorous employee screening. The case also underscores the importance of collaboration among companies, cybersecurity experts, and law enforcement to stay ahead of evolving threats. Armstrong's refusal to give in to the attackers and his decision to fight back legally is a clear win for user protection and transparency. With a $20 million bounty now on the line, Coinbase is turning defense into offense and setting a powerful precedent against cyber criminals.