Comment by hypeatei
18 hours ago
Whatever you think of Coinbase, this is a pretty good response IMO:
> and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible
That's the same move from the Ransom movie from 1996 https://youtu.be/haThIxPnYro?si=Jxu0elA-ylB5Z15q
I’d say the better thing for customers would be to pay the ransom demand and get the PII back. If they want to fund a reward scheme too, well great, but if it were my data, I’d care more about Coinbase limiting the breach of the data, not playing around with retaliatory rewards.
There is no guarantee that an anonymous criminal is going to hold up their end of the agreement. Coinbase has no idea who they're negotiating with or where that data has been shared.
That, and they're reimbursing customers who were tricked.
In addition, paying the ransom would be an open invitation for everybody else to try the same attack, with the net result that all customers are less secure in the long run.
Limiting? The damage is already done.
I love it. This also would have been a great opportunity to break out of corporate speak for a moment for a good “Up yours hacker assholes!” Even us folks in the Bible Belt appreciate a well-timed swear word here and there.