Coinbase rejected a $20 million ransom demand after insiders leaked user data in a phishing scheme. Less than 1% of users were affected, the company said.
Coinbase, the world’s third-largest cryptocurrency exchange, was hit by a $20 million extortion attempt after cybercriminals recruited overseas support agents to leak user data, the company said.
According to a May 15 blog post, Coinbase said a group of external actors bribed and coordinated with several customer support contractors to access internal systems and steal limited user account data.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase said, adding that no passwords, private keys, funds or Coinbase Prime accounts were affected.
