A cyberattack that exploited insider access has forced
Coinbase into damage control mode, triggering a potential $400 million hit and
intensifying scrutiny on workforce security in the crypto industry.
The hackers behind the breach reportedly stole
sensitive customer data, they also issued a $20 million ransom demand, which
Coinbase refuses to pay, CNBC reported.
The exchange disclosed that rogue overseas support
agents accepted bribes to leak internal documents and data tied to a
“small subset” of customer accounts.
This information included names, addresses, emails,
account balances, masked bank details, and partial Social Security numbers.
Crucially, private keys and passwords were not accessed, and Coinbase said
Prime accounts remained secure.
🚨 BREAKING: Coinbase says cybercriminals bribed overseas support agents to access customer data used in targeted social engineering attacks.
Coinbase won’t pay the $20M ransom demand, offering a $20M reward instead for info leading to the attackers’ arrest and conviction. pic.twitter.com/h1b44k9GxY
— Cointelegraph (@Cointelegraph) May 15, 2025
Ransom Rejected
Coinbase said it received an email on May 11 from a
threat actor claiming to possess stolen customer data and sensitive internal
documentation. Rather than give in to the extortion, Coinbase reported the
incident to authorities and launched its own counteroffensive, establishing a
$20 million reward fund for information leading to the hackers’ arrest.
The company independently detected signs of the breach
earlier this year and swiftly fired the implicated contractors. It also
reinforced fraud monitoring and alerted affected users.
The breach comes at a pivotal moment for Coinbase. The
company is preparing to enter the S&P 500 next week, a landmark achievement
for the crypto sector. But the breach now raises questions about internal
oversight and the security of third-party staffing.
Despite not losing funds directly to the attack,
Coinbase pledged to reimburse users who were deceived into sending crypto to
the attackers during social engineering scams. The breach is another reminder
of the persistent security challenges in the digital asset space.
A Growing Trend of Sophisticated Cyberattacks
Crypto firms remain frequent targets for hackers.
According to Chainalysis, as cited by Reuters, criminals stole $2.2 billion from crypto platforms in
2024 alone. In February, Bybit disclosed what became one of the largest crypto
heists in history, with losses of around $1.5 billion.
JUST IN: Bybit founder confirms $1.4 billion $ETH hack, asserts solvency even if losses remain uncovered. pic.twitter.com/8rE3KHrGRL
— Whale Insider (@WhaleInsider) February 21, 2025
Coinbase, the largest crypto exchange in the U.S., plans to open a new support hub stateside and strengthen its
operational safeguards.
A cyberattack that exploited insider access has forced
Coinbase into damage control mode, triggering a potential $400 million hit and
intensifying scrutiny on workforce security in the crypto industry.
The hackers behind the breach reportedly stole
sensitive customer data, they also issued a $20 million ransom demand, which
Coinbase refuses to pay, CNBC reported.
The exchange disclosed that rogue overseas support
agents accepted bribes to leak internal documents and data tied to a
“small subset” of customer accounts.
This information included names, addresses, emails,
account balances, masked bank details, and partial Social Security numbers.
Crucially, private keys and passwords were not accessed, and Coinbase said
Prime accounts remained secure.
🚨 BREAKING: Coinbase says cybercriminals bribed overseas support agents to access customer data used in targeted social engineering attacks.
Coinbase won’t pay the $20M ransom demand, offering a $20M reward instead for info leading to the attackers’ arrest and conviction. pic.twitter.com/h1b44k9GxY
— Cointelegraph (@Cointelegraph) May 15, 2025
Ransom Rejected
Coinbase said it received an email on May 11 from a
threat actor claiming to possess stolen customer data and sensitive internal
documentation. Rather than give in to the extortion, Coinbase reported the
incident to authorities and launched its own counteroffensive, establishing a
$20 million reward fund for information leading to the hackers’ arrest.
The company independently detected signs of the breach
earlier this year and swiftly fired the implicated contractors. It also
reinforced fraud monitoring and alerted affected users.
The breach comes at a pivotal moment for Coinbase. The
company is preparing to enter the S&P 500 next week, a landmark achievement
for the crypto sector. But the breach now raises questions about internal
oversight and the security of third-party staffing.
Despite not losing funds directly to the attack,
Coinbase pledged to reimburse users who were deceived into sending crypto to
the attackers during social engineering scams. The breach is another reminder
of the persistent security challenges in the digital asset space.
A Growing Trend of Sophisticated Cyberattacks
Crypto firms remain frequent targets for hackers.
According to Chainalysis, as cited by Reuters, criminals stole $2.2 billion from crypto platforms in
2024 alone. In February, Bybit disclosed what became one of the largest crypto
heists in history, with losses of around $1.5 billion.
JUST IN: Bybit founder confirms $1.4 billion $ETH hack, asserts solvency even if losses remain uncovered. pic.twitter.com/8rE3KHrGRL
— Whale Insider (@WhaleInsider) February 21, 2025
Coinbase, the largest crypto exchange in the U.S., plans to open a new support hub stateside and strengthen its
operational safeguards.
