Coinbase Foils Extortion Attempt

Mars1 November 30, 2022

Coinbase fended off a blackmail attempt from a malicious actor who threatened to expose customer records if the exchange didn’t pay a $450,000 ransom.

The blackmailer claimed to have access to 306 million decrypted customer records. Upon investigation and communication with the blackmailer, Coinbase’s security team determined that there had been no security breach or theft of customer records.

Coinbase officially claims to have 108 million verified users in more than 100 countries. It averaged 8.8 million monthly active users in 2021.

Coinbase normally collaborates with law enforcement when it comes to illegal activity. However, it did not elaborate on whether it would pursue the law enforcement route in this case.

“This is an absolutely baseless extortion attempt. The individual is falsifying information to come across as legitimate and they’re just trying to extort money out of companies. I’m sure we’re not the first company on their list or the only scam they have running,” Coinbase Chief Information Security Officer Jeff Lunglhofer told Coindesk.

Coinbase did take the opportunity to highlight its bug bounty program, which offers rewards for pinning down potential security holes. It offers rewards ranging from $200 to $50,000 for finding potential issues with its system. It recently added categories like Fraud Loss, Staking Loss, MNPI exposure (also known as “unfair market advantages”), and third-party provider issues.

In the November 30 blog post about its bug bounty program, Coinbase cited a recent case in which Uber’s former chief security officer, Joe Sullivan, was convicted of charges related to the covering up of a $100,000 ransom payment in a similar extortion scheme.

Coinbase cited the extortion attempt as the wrong way to report a bug and receive a bounty. The malicious actor failed to validate the claim and threatened to exploit the alleged bug. The blackmailer also threatened to contact major news sites like Vice and CBS about the allegedly exposed customer records.

Lunglhofer especially cited the need to avoid attempts at extortion when making a bug report, calling it criminal.

“A bug bounty submission can never contain threats or any attempts at extortion. We are always open to paying bounties for legitimate findings,” says Lunglhofer. “Ransom demands are an entirely different matter.”

It’s not like Coinbase would refuse to pay out a properly reported bounty. In the ten years of its bug bounty program, it paid $400,000 in bounties and resolved 600 reported bugs. The largest one went to a researcher who found a vulnerability in its trading interface and received $250,000 in February 2022.

More Stories

Screenshot from 2025-05-27 13-25-37

Highlights of Bitcoin 2025 Conference: Art Show, Transaction Fee Savings, Politicians, and a Pitbull

Mars1 May 27, 2025
bitcoin

Lawsuits Pile Up at End of Digital Asset Markets’ Rough 2022

Mars1 December 29, 2022
sam-bankman-fried-steps-down-ceo-ftx-3977428542

U.S. Judge Recuses Herself From Sam Bankman-Fried Fraud Case

Mars1 December 28, 2022

You may have missed

Terry Virts

Astronaut Terry Virts to Run For Senate

Mars1 June 24, 2025
Lilo and Stitch

Lilo and Stitch Live Action: No Fairy Tale Ending Here

Mars1 June 9, 2025
Jared Isaacman.jpg

Trump Administration Suspends Jared Isaacman’s Nomination as NASA Administrator

Mars1 June 1, 2025
unnamed

GUESS Watches Launches 2025 Worn With Pride Collection

Mars1 May 28, 2025
Screenshot from 2025-05-27 13-25-37

Highlights of Bitcoin 2025 Conference: Art Show, Transaction Fee Savings, Politicians, and a Pitbull

Mars1 May 27, 2025