Coinbase has revealed details of a recent insider attack involving bribed overseas support agents who leaked sensitive user data. This breach affected less than 1% of the platform’s monthly transacting users, and was aimed at enabling social engineering attacks. However, Coinbase has confirmed that no passwords, private keys, or user funds were compromised, and Coinbase Prime accounts remain untouched.
After stealing limited personal data, the attackers tried to extort $20 million in exchange for keeping the incident concealed. Instead of paying the ransom, Coinbase has launched a $20 million reward fund for tips leading to the arrest and conviction of the perpetrators.
What Was Accessed and What Wasn’t
According to Coinbase, the stolen data includes names, contact information, masked Social Security and bank account numbers, government ID images, and transaction history. However, sensitive details such as login credentials, 2FA codes, and private keys remained secure.
The breach followed a targeted campaign in which criminals paid cash to a small group of overseas support agents in exchange for unauthorised access to internal systems. The culprits then impersonated Coinbase to trick unsuspecting users into sending funds.
Protective Measures and Customer Reimbursement
Coinbase has assured customers that retail users tricked by the social engineering campaign into sending crypto to the attackers will be reimbursed. Affected individuals received email notifications at 7:20 a.m. ET on May 15 from no-reply@info.coinbase.com.
To protect users going forward, Coinbase has implemented new protective protocols. These include enhanced ID verification for flagged accounts, scam-awareness prompts, and potential delays for high-risk transactions. The company is also strengthening its customer support operations with a new support hub in the US and enhanced internal monitoring systems across the board.
In addition, Coinbase is investing in insider-threat detection and simulation testing to identify security issues proactively.
Fighting Back: Law Enforcement and a $20M Bounty
Coinbase has fired the compromised agents and referred the matter to U.S. and international law enforcement. It is also collaborating with blockchain partners to tag attacker wallet addresses and trace stolen assets.
Rather than meet the ransom demand, Coinbase is doubling down on its commitment to security and transparency with a $20 million bounty fund. The company urges anyone with relevant information to email security@coinbase.com with “[BOUNTY]” in the subject line.
A Reminder to Stay Vigilant
Coinbase warns users to watch out for impersonators. The company reiterated that it will never ask for passwords or 2FA codes, or ask users to move funds. Users are also advised to lock their accounts as soon as they suspect fraud and to review Coinbase’s updated security tips to stay safe from social engineering attacks.
“Crypto adoption depends on trust. We’re committed to owning these issues when they arise and continuing to invest in world-class defenses to protect the crypto economy for everyone,” the company stated.