Coinbase flips $20M extortion demand into bounty for info on attackers | CyberScoop<\/title> <meta name=\"description\" content=\"The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/coinbase-cyberattack-extortion-counter-reward\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Coinbase flips $20M extortion demand into bounty for info on attackers\"> <meta property=\"og:description\" content=\"The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/coinbase-cyberattack-extortion-counter-reward\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-16T16:50:58+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-16T16:58:22+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747157649g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747161863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84578\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84578\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcoinbase-cyberattack-extortion-counter-reward%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcoinbase-cyberattack-extortion-counter-reward%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84578 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/coinbase-cyberattack-extortion-counter-reward\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.126213592233\">\n<div class=\"single-article__header-content\" readability=\"35.283062645012\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/coinbase-cyberattack-extortion-counter-reward\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84578\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"450\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers.jpg?resize=640%2C450&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg 7200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=300,211 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=768,539 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=1024,719 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=1536,1078 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=2048,1438 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=600,421 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=239,168 239w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=480,337 480w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=961,675 961w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-2.jpg?resize=1201,843 1201w\" sizes=\"(max-width: 961px) 100vw, 961px\"><figcaption> Monitors display Coinbase signage during the company’s initial public offering (IPO) at the Nasdaq market site April 14, 2021 in New York City. (Photo by Robert Nickelsberg\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"60.471058055651\"><body readability=\"121.42989614243\"><\/p>\n<p>Coinbase responded to a security incident with combative measures Thursday after the company said cybercriminals bribed some of the cryptocurrency exchange\u2019s international support staff to steal data on customers. The unnamed threat group stole personally identifiable information and other sensitive data on less than 1% of Coinbase\u2019s monthly users, the company said in a <a href=\"https:\/\/www.coinbase.com\/blog\/protecting-our-customers-standing-up-to-extortionists\">blog post<\/a>.<\/p>\n<p>The cybercriminals contacted customers under the guise of an employee at Coinbase in an attempt to dupe people into relinquishing their cryptocurrency. \u201cThey then tried to extort Coinbase for $20 million to cover this up. We said no,\u201d the company said.<\/p>\n<p>Coinbase flipped the script as part of its response. \u201cInstead of paying this $20 million ransom, we\u2019re turning it around and we\u2019re putting out a $20 million award for any information leading to the arrest and conviction of these attackers,\u201d Coinbase CEO Brian Armstrong said in a <a href=\"https:\/\/x.com\/brian_armstrong\/status\/1922967787309256807?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1922967787309256807%7Ctwgr%5E2f27d545ab2f0b0a72ad1525c062a3486f0c1010%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fu.today%2Fbreaking-coinbase-ceo-reacts-to-20-million-bitcoin-ransom-and-customer-data-attack\">video posted on X<\/a>.<\/p>\n<p>\u201cFor these would-be extortionists, or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice,\u201d he added. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The move from the largest cryptocurrency exchange in the United States is rare, but not entirely unprecedented, especially in the crypto space.<\/p>\n<p>When North Korean-linked <a href=\"https:\/\/cyberscoop.com\/bybit-lazarus-group-north-korea-ethereum\/\">Lazarus Group stole $1.46 billion<\/a> in Ethereum from cryptocurrency exchange Bybit in February, the company announced a <a href=\"https:\/\/www.lazarusbounty.com\/en\/\">$140 million bounty program<\/a> for organizations that help trace or freeze the stolen funds.<\/p>\n<p>Coinbase\u2019s financial reward goes beyond that, however, by directly targeting the cybercriminals that gained access to customer data and initiated an extortion campaign. The company\u2019s decision poses ethical and judicial challenges.<\/p>\n<p>John Fokker, head of threat intelligence at Trellix, declined to speak about the Coinbase incident directly but said financial rewards for information about criminal activity belong under the purview of law enforcement. <\/p>\n<p>When money is up for grabs, especially an amount as high as $20 million, some people will feel justified in sentencing or judging a suspected criminal when they want to get the reward, he said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThere\u2019s all these risks that could happen for individuals who are even acting up on it,\u201d Fokker added.<\/p>\n<p>Coinbase\u2019s public counter-extortion effort marks a reversal of the usual playbook, transforming breach response into a potential global manhunt, said Jason Soroko, senior fellow at cybersecurity firm Sectigo. <\/p>\n<p>\u201cThis move shifts the narrative from victimhood to proactive offense weaponizing transparency and financial incentive against cybercriminals,\u201d he said in an email. \u201cThis gambit sets a precedent for the digital asset industry bounties. Seeking justice rather than being silent is a new tactic.\u201d<\/p>\n<p>Coinbase is also working with industry partners and law enforcement to track and recover the assets. Insiders involved in the attacks were immediately fired and referred to U.S. and international law enforcement. \u201cWe will press criminal charges,\u201d the company said. <\/p>\n<p>The crypto giant also said it will reimburse customers who sent funds to the attackers prior to its public disclosure Thursday.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Stolen data includes names, addresses, phone numbers, email addresses, the last four digits of Social Security numbers, masked bank account numbers and identifiers, government ID images and account data. Coinbase corporate data, including documents related to account-management systems and communications available to support agents, was also compromised.<\/p>\n<p>Coinbase said it received an extortion demand from the threat group Sunday, but the company observed evidence of potentially malicious activity months prior, according to a <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/1679788\/000167978825000094\/coin-20250514.htm\">filing with the Securities and Exchange Commission<\/a>. <\/p>\n<p>\u201cThese instances of such personnel accessing data without business need were independently detected by the company\u2019s security monitoring in the previous months,\u201d Coinbase CFO Alesia Haas said in the SEC filing. \u201cUpon discovery, the company had immediately terminated the personnel involved and also implemented heightened fraud-monitoring protections and warned customers whose information was potentially accessed in order to prevent misuse of any compromised information.\u201d<\/p>\n<p>The company determined the prior instances of improper data access were part of a single campaign that resulted in data theft from internal systems. <\/p>\n<p>Coinbase said it instituted additional safeguards to monitor high-risk transactions, increased investment in insider-threat detection and plans to open a new support hub in the United States.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The company did not detail the amount of funds or number of customers impacted, but said an investigation into the full financial impact is ongoing. \u201cAny customers who have been impacted by this have been notified at this point,\u201d Armstrong said.<\/p>\n<p>Coinbase said its preliminary estimate puts costs related to remediation and customer reimbursements in the range of $180 million to $400 million. The company has a current market cap of $66.4 billion and was added to the S&P 500 earlier this week. <\/p>\n<p>The company\u2019s challenges don\u2019t end there. Hours after Coinbase disclosed the cyberattack and detailed its response, <a href=\"https:\/\/www.nytimes.com\/2025\/05\/15\/technology\/coinbase-sec-investigation.html\">The New York Times<\/a> reported the SEC is investigating whether the company previously inflated its user numbers in previous regulatory filings.<\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1328671328671\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/coinbase-cyberattack-extortion-counter-reward\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Coinbase flips $20M extortion demand into bounty for info on<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2701,282,78,323,679,46],"tags":[2704,286,86,327,680,54],"class_list":["post-7651","post","type-post","status-publish","format-standard","hentry","category-crypto","category-cybercrime","category-cybersecurity","category-extortion","category-financial","category-ransomware","tag-crypto","tag-cybercrime","tag-cybersecurity","tag-extortion","tag-financial","tag-ransomware"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crypto\/\" rel=\"category tag\">crypto<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/financial\/\" rel=\"category tag\">Financial<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a>","tag_info":"ransomware","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7651"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7651\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7651,"date":"2025-05-16T11:50:58","date_gmt":"2025-05-16T16:50:58","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84578"},"modified":"2025-05-16T11:50:58","modified_gmt":"2025-05-16T16:50:58","slug":"coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/16\/coinbase-flips-20m-extortion-demand-into-bounty-for-info-on-attackers\/","title":{"rendered":"Coinbase flips $20M extortion demand into bounty for info on attackers"},"content":{"rendered":"