“Hey everyone, I want to make you aware of a disturbing email that we received recently at Coinbase. It was a ransom note demanding $20 million in Bitcoin in exchange for these attackers not releasing some information they claim to have obtained on our customers. Now, we like to do things transparently here at Coinbase, and so I’m going to respond publicly to these attackers by saying, no, we are not going to pay your ransom. In fact, I have a few next steps in mind that I’m going to share at the end of this video. But for the rest of you watching, wondering what happened, we did an investigation here, and these attackers have been approaching our overseas customer support agents, looking for a weak link, someone who would accept a bribe in exchange for sharing some customer information with them. Now, our support tools have limited access to customer information. There was no passwords or private keys or funds accessed as part of this. But customer support agents do have access to personal information like name, date of birth, address, etc. The attackers still want access to this information because it allows them to conduct social engineering attacks where they can call our customers, impersonating Coinbase customer support, and try to trick them into sending their funds to the attacker. Unfortunately, they were able to find a few bad apples. Our systems are designed to mitigate the impact of something like this, so less than 1% of our monthly transacting users had their records accessed, but this is still unacceptable. I want to tell you what we’re doing about it. So first, any customers that were socially engineered as a result of this incident, we’re going to reimburse them. There’s more details on our website, on our blog post about the reimbursement process. You can read more there. Any customers who have been impacted by this or have been notified at this point. Number two, we’re hardening our systems around customer support to make something like this much more difficult in the future. And third, we’re actually relocating some of our customer support operations as a result of this. But the last step is maybe the most important, which is that instead of paying this $20 million ransom, we’re turning it around and we’re putting out a $20 million award for any information leading to the arrest and conviction of these attackers. For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice. And now you have my answer.”
