In a bold response to a cyber-extortion attempt, Coinbase has turned the tables on attackers who demanded $20 million in Bitcoin to keep stolen customer data from being exposed. Instead of yielding to the threat, the crypto exchange is offering a $20 million bounty to anyone who can help identify and bring the perpetrators to justice.
According to a detailed blog post published Thursday, the breach stemmed from a coordinated scheme in which cybercriminals bribed overseas customer support agents to leak sensitive user information. The compromised data includes full names, email addresses, masked bank details, physical addresses, and scanned ID documents—though no passwords, private keys, or funds were accessed. Coinbase Prime accounts, used by institutional clients, were also unaffected.
The attackers reportedly used the stolen information to impersonate Coinbase support staff in an effort to scam individual customers through sophisticated social engineering tactics. Once the breach was discovered, the criminals attempted to pressure the company with a $20 million ransom demand.
“They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company wrote in its statement—marking a rare but decisive stand against ransom-based threats in the crypto sector.
Armstrong Rejects Ransom, Issues $20M Public Bounty
Coinbase CEO Brian Armstrong took a defiant public stance following the company’s recent data breach—declaring in a video statement that the exchange will not negotiate with extortionists.
“We are not going to pay your ransom,” Armstrong said, as cited in Coinbase’s blog post.
Instead of yielding to the $20 million demand, the company is now offering that same amount as a reward for actionable information that leads to the identification and prosecution of the attackers.
“We’re putting out a $20 million award for any information leading to the arrest and conviction of these attackers,” Armstrong said, evoking a real-world version of the 1996 film Ransom, where a hostage taker’s threat is met with an aggressive bounty instead of compliance.
The strategy marks a notable shift in how crypto firms handle cybersecurity threats. Rather than quietly paying off hackers or offering bug bounties to recover stolen funds, Coinbase is going on the offensive—leveraging legal channels and public incentives to dismantle the threat.
Coinbase Vows Justice, Strengthens Internal Cybersecurity
In the wake of a targeted data breach and extortion attempt, Coinbase is doubling down on both accountability and internal safeguards. The crypto exchange confirmed it is actively collaborating with law enforcement agencies, has flagged the attackers’ wallet addresses, and pledged to fully reimburse any customers who suffered losses through related social engineering scams.
To prevent future breaches, Coinbase announced it is launching a new customer support hub within the United States, a move designed to reduce reliance on third-party contractors in high-risk regions. The company is also tightening internal access protocols and reinforcing its cybersecurity infrastructure.
In a final message directed squarely at the attackers, CEO Brian Armstrong didn’t mince words:
“We will prosecute you and bring you to justice. Now you have my answer.”
Quick Facts
- Coinbase refused to pay a $20 million ransom to cybercriminals and instead offered the same amount as a bounty for information leading to the attackers’ arrest and conviction.
- The breach originated from compromised overseas contractors who leaked customer information including names, emails, addresses, and scanned IDs—though no passwords or funds were accessed.
- CEO Brian Armstrong announced Coinbase will fully reimburse affected customers and is establishing a U.S.-based support center to strengthen security oversight.
- The company is collaborating with law enforcement and has flagged the attackers’ crypto wallet addresses to prevent further laundering or movement of extorted funds.
