Coinbase, a renowned cryptocurrency exchange, is offering a $20 million prize to anyone who can assist identify and bring down the culprits of a recent cyber-attack, rather than fulfilling their ransom demands.
On May 15, Coinbase said that attackers bribed and recruited a group of rogue offshore support agents to steal client data and carry out social engineering attacks. The attackers intended to exploit the stolen data to imitate Coinbase and trick users into turning up their cryptocurrency holdings.
The US crypto firm was asked to pay a $20 million ransom to end the scam. However, Coinbase has openly refused to pay the ransom. Instead, it is collaborating with law enforcement and security sector experts to track down the stolen assets and hold those behind the scheme accountable.
Coinbase introduced the 'Bounty' program, which includes the $20 million reward fund. The funds will be awarded to anyone who can offer information that leads to the arrest and conviction of the culprits responsible for the attack.
Establishing safety protocols
Coinbase acted quickly against the insider offenders, firing them and reporting them to US and international law authorities. The crypto exchange will compensate consumers who were duped into sending funds to the perpetrators as a result of social engineering work.
Furthermore, the crypto exchange suggested that it was putting in place additional measures, such as requesting extra ID checks for substantial withdrawals from flagged accounts and showing mandatory scam-awareness messages.
The company is also expanding its support operations by establishing a new help hub in the United States and tightening security controls and monitoring across all sites. It is also strengthening its defences by investing more in insider threat detection and automated response, as well as replicating similar security risks to discover potential flaws.
Coinbase is also working with law enforcement and the private sector to identify the attackers' addresses, allowing authorities to track down and perhaps recover the stolen assets. Finally, Coinbase wants to file criminal charges against those who carried out the cyberattack.