Is Coinbase Closing Accounts For Paying Ransoms With Bitcoins?

Even as some comparnies are stockpiling bitcoins so they can quickly pay ransom demands, security firms that try paying those ransoms may face losing their accounts on Coinbase. Slashdot reader Mosquito Bites quotes a report from CoinDesk: Less than a year ago, Vinny Troia, CEO and principal security consultant of Night Lion Security and a certified white hat hacker, was sent a compliance form by US bitcoin exchange Coinbase, where he had an account. Coinbase wanted to know how Troia was using bitcoin and his account. "I told them I run a security firm. I pay for ransoms and buy documents on the dark web when clients request it," Troia told CoinDesk. The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years. Many, like the well-publicized WannaCry attack, are asking for bitcoin.

And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.

Re:Well Done, Coinbase!

[Shoten]

Security companies should not be allowed to act as front companies for cybercriminals anymore than they should be allowed to assassinate people for pay. Let's hope there's a criminal investigation as well. Perhaps this one was even directly involved in the original crimes, not only encouraging them...

You're not paying attention.

The security company wasn't accepting payment on behalf of ransomware actors. They were facilitating the payment TO ransomware actors on behalf of companies that aren't familiar with bitcoin and have no accounting methodology to make such a payment before the ransomware runs out. They were a front for the victims, not the criminals.

It's akin, in a rough way, to what K&R companies like Control Risk do when it comes to ransoms in the real world. There are right ways and wrong ways to pay a ransom, and they are intimately familiar with the difference. As a result, they step in when one of their clients has a kidnapping situation and manage the whole thing to help get the person back safely. And yes, this usually does involve paying the ransom.

The real motive by Coinbase is probably a fear that they'll be accused of helping facilitate criminal activity. Bitcoin exchanges are on the narrow edge of falling under regulation, but it could also go another way (*cough*Liberty Reserve*cough*) for any particular exchange if the regulators in their country feel that they are guilty of money laundering. As a result, Coinbase is taking proactive measures to be able to prove that they, well, proactively avoid facilitating crime. I don't necessarily agree with it, but I can at least see where it came from.

Why?

[wardrich86]

Why the hell are people paying the ransoms in the first place? This is just encouraging more people to make these types of viruses. Make fucking backups of your shit, fire the moron that unleashed the virus in your network, restore from backup, and carry on with life.

Re:Why?

[Kjella]

Why the hell are people paying the ransoms in the first place? This is just encouraging more people to make these types of viruses. Make fucking backups of your shit, fire the moron that unleashed the virus in your network, restore from backup, and carry on with life.

Do you really have to ask? The number of people who'll just use anything until it breaks without proper maintenance is staggering. I'll gladly admit that while computers is "my thing" there's probably something about some filters on my washing machine or leather care for my couch or oiling the terrace boards I don't do. If you start asking when somebody last checked my electrical system, plumbing etc. I get even more "eh..." and if my car didn't have to be checked every two years by law I'd probably forget all about that too.

Backups are the computer equivalent of painting the garage, it's always almost at the top of your list but mysteriously enough never reaches the top. I finally caved in and decided to hire a maid service not because I can't scrub a toilet but whenever that floated to the top of my TODO list I kept putting it off over and over again. So I understand people, should have had backups. Should have tested the backups. Should have patched Windows. Should have updated their anti-virus. Except they never got around to it.

Re:Muslim attack in London

Holy shit you really don't get it.

This is what they do. They infiltrate countries under the guise of refugees, then slowly manipulate and demand their way to instigate Shariah Law. Once they've done that, you'd better fucking believe the sword awaits anyone who dares stand against them.

This. Is. What. They. Do.

They do *exactly* what you lefties claim to hate, "meddling in the business of people who aren't part of their own religion", and yet you still let them in to your countries, get your warm fuzzies about supporting an apparently underprivileged minority, then wonder why they won't integrate into your society. It's just cultural, you tell yourself.

They are worse in every measurable way than the Christians whom you apparently despise so much, but you can't see the cognitive dissonance.

You still think "we" are the bullies? You almost deserve what's coming.

Re:Good

[swb]

When I read the summary, I thought to myself that "white hat" hackers are merely facilitating a security economy by buying hacks, documents, etc. They may not specifically commit criminal hacks and may actually be "defenders" of their clients, but in a lot of ways they kind of look like just middle men.

I'm pretty sure there's been plenty of cons run where "the bad guys" steal something and a person claiming to be a "good guy" approaches the victim and says "I'm a white hat, I have contacts and can get your stuff back" and then they transfer the money to the bad guys in exchange for the goods. Meanwhile, does it matter in this transaction whether they belonged to the bad guys all along or whether they were independent good guys?

From an economics perspective, it sounds like a distinction without a difference. Same transactions take place, with the only difference being that if the "good guy" really is an independent agent, it might actually cost more because the good guy will extract their own fee for handling the transaction (which, if he was a bad guy, may have also been rolled in for appearance sake).

Re:Is it illegal?

[Shoten]

As discussed here Cyber extortion - legality of ransom payments and the approach of businesses and insurers it shows under international law, cyber extortion payments arent illegal unless they are terrorism related.

I dont believe Coinbase should be denying access to legitimate funds, that arent terrorism related, unless they want to get regulated... this would be the first step to ruining their little monopoly.

They aren't worried about "international law" (which, incidentally, is barely a thing unless you are a war criminal or something else so egregious that most of the world is willing to support a method around prosecuting you.) They're worried about local laws, which are a lot more real. The absence of relevant criminal statutes under international law will not protect you against regulatory or criminal proceedings in nations where you operate.

They're worried about being blamed for money laundering, so they're being proactive and trying to catch anything in their system that they can possibly tie to criminal activity. Unfortunately for everyone, not too many options for doing this exist outside of going after ransomware payments...so that's what they've gone after. I can sort of understand it...bitcoin isn't exactly transparent, and the day is coming when regulators will be deciding who is good and who is bad here. It does make good business sense to demonstrate a "best effort" to steer clear of being designated as "bad," or at least "bad-friendly." I think it's a dick move, but I do understand the motivation behind it.

Re:Punt coinbase?

[harryk]

The issue is really about purchasing bitcoin (especially at significant volumes). Coinbase is more of a retail outlet, while GDAX is the exchange. And yes, you can use Local Bitcoin at about a 17% markup (depending on location) but if he's trying to run a business having a mark-up that high sucks.

Really the issue is Coinbase and they super paranoia for risk avoidance. On the one hand, you can't blame them for protecting their business from auditors/regulators and the power they weild. On the other hand, they're really the only reputable place you can buy bitcoin in the US without paying ridiculous fees. Sure, you can setup accounts at Cex.IO, or Bitfinex (the latter of which is not currently accepting US deposits) but international wires are kind of a pain to deal with.

What really needs to happen, IMO, is Coinbase needs to be clearer on activity they will and will not tolerate/accept risk for and there should be more of a discussion on how that risk is evaluated. Risk/Compliance departments aren't always so harsh on what they don't accept, Coinbase is definitely taking the extreme position in many of these cases making it more and more difficult for reputable purchasers to make legitimate buys.

Re:Punt coinbase?

[david_thornley]

This is Coinbase trying to avoid the Feds poking into their business.