Is Coinbase Closing Accounts For Paying Ransoms With Bitcoins?

Even as some comparnies are stockpiling bitcoins so they can quickly pay ransom demands, security firms that try paying those ransoms may face losing their accounts on Coinbase. Slashdot reader Mosquito Bites quotes a report from CoinDesk: Less than a year ago, Vinny Troia, CEO and principal security consultant of Night Lion Security and a certified white hat hacker, was sent a compliance form by US bitcoin exchange Coinbase, where he had an account. Coinbase wanted to know how Troia was using bitcoin and his account. "I told them I run a security firm. I pay for ransoms and buy documents on the dark web when clients request it," Troia told CoinDesk. The ransoms Troia helps his clients pay are those stemming from ransomware attacks, which have surged in number over the past few years. Many, like the well-publicized WannaCry attack, are asking for bitcoin.

And the documents? Troia said, "We do breach investigations a lot of times. If a fraudster is saying they're selling my client's stolen documents, the only way to make sure they have what they say they have is to buy those documents." According to Troia, Coinbase "did not like that at all." Coinbase then asked the IT expert whether he had a letter from the Department of Justice giving him permission to do those things. No, Troia said. Upon further research, Troia has not found that any such permission exists. But, "I have my clients authorizing me to do this," he said. Coinbase sent Troia back an email explaining that those actions were against the exchange's rules and shut down his account... "My entire family is blocked from Coinbase," he said.

Re:Punt coinbase?

[michelcolman]

Why do you even need an exchange for this kind of thing? Just use a wallet app, nobody can tell you what you can and cannot do with it.

(That doesn't mean I endorse paying ransoms, of course)

Re:Well Done, Coinbase!

[Shoten]

Security companies should not be allowed to act as front companies for cybercriminals anymore than they should be allowed to assassinate people for pay. Let's hope there's a criminal investigation as well. Perhaps this one was even directly involved in the original crimes, not only encouraging them...

You're not paying attention.

The security company wasn't accepting payment on behalf of ransomware actors. They were facilitating the payment TO ransomware actors on behalf of companies that aren't familiar with bitcoin and have no accounting methodology to make such a payment before the ransomware runs out. They were a front for the victims, not the criminals.

It's akin, in a rough way, to what K&R companies like Control Risk do when it comes to ransoms in the real world. There are right ways and wrong ways to pay a ransom, and they are intimately familiar with the difference. As a result, they step in when one of their clients has a kidnapping situation and manage the whole thing to help get the person back safely. And yes, this usually does involve paying the ransom.

The real motive by Coinbase is probably a fear that they'll be accused of helping facilitate criminal activity. Bitcoin exchanges are on the narrow edge of falling under regulation, but it could also go another way (*cough*Liberty Reserve*cough*) for any particular exchange if the regulators in their country feel that they are guilty of money laundering. As a result, Coinbase is taking proactive measures to be able to prove that they, well, proactively avoid facilitating crime. I don't necessarily agree with it, but I can at least see where it came from.