Coinbase (COIN) has confirmed that cyber criminals “bribed and recruited” a group of rogue support agents that facilitated the theft of user data.
The crypto exchange added in a blog post that it will “reimburse customers who were tricked into sending funds to the attacker.” It has also offered a $20 million bug bounty for anyone that provides information leading to an arrest.
The confirmation of cyber criminal activity comes three months after on-chain sleuth ZachXBT claimed that Coinbase users had lost $300 million to social engineering scams.
Coinbase also said that the criminals secured government ID images, account balances and corporate data. Two-factor authentication codes and private keys were not breached, it added.
The exchange fired staff involved in the breach on the spot and referred to U.S. and international law enforcement. It will also press criminal charges.
Coinbase did not immediately respond to CoinDesk’s request for comment in regards to ZachXBT’s $300 million claim.