The US Department of Justice (DoJ) has launched an investigation into the recent security breach at crypto exchange Coinbase (Nasdaq: COIN). The breach involved a leak of internal documents and data linked to a “small subset” of customer accounts, which perpetrators accessed by bribing overseas support agents of the company.
First reported by Bloomberg, citing “a person familiar with the matter”, Coinbase’s Chief Legal Officer, Paul Grewal, also confirmed the investigation is underway.
Paul Grewal, Chief Legal Officer, Coinbase, Source: LinkedIn
“We have notified and are working with the DOJ and other US and international law enforcement agencies, and welcome law enforcement’s pursuit of criminal charges against these bad actors,” Grewal said.
The DoJ has not commented publicly on the investigation.
A Socially Engineered Attack
Coinbase disclosed the breach last week after the perpetrators contacted the company, demanding a $20 million ransom. The exchange refused to pay, instead offering a $20 million reward for information leading to the identification of those responsible.
The stolen data includes names, addresses, emails, account balances, masked bank details, and partial Social Security numbers. Importantly, private keys and passwords were not accessed, and Coinbase confirmed that Prime accounts were unaffected.
The incident came to light on 11 May when Coinbase received an email from an unidentified threat actor claiming access to internal documents and the details of certain customer accounts. The exchange now expects the financial impact of the cyberattack to range between $180 million and $400 million.
In April, Coinbase announced changes to its user agreement that added two clauses limiting class action lawsuits and requiring lawsuits to be filed in New York. The changes apply to disputes initiated after May 15.
On May 14, Coinbase disclosed a data breach. pic.twitter.com/ffMR2K4YRo
— Molly White (@molly0xFFF) May 20, 2025
Is Coinbase’s Security Now in Question?
Despite the recent breach, Coinbase remains one of the few major crypto exchanges not previously impacted by a full-scale cyberattack.
Earlier this year, Bybit suffered a record $1.5 billion crypto theft, allegedly carried out by North Korea’s Lazarus Group, which exploited vulnerabilities in its cold wallet infrastructure. In 2022, Binance, the world’s largest crypto exchange by volume, also fell victim to a breach when attackers minted 2 million BNB tokens, worth around $570 million at the time.
Meanwhile, Coinbase was added to the S&P 500 index yesterday, replacing Discover Financial Services. The US-based exchange has also agreed to acquire crypto options platform Deribit for $2.9 billion and is reportedly bidding to acquire stablecoin issuer Circle.
The US Department of Justice (DoJ) has launched an investigation into the recent security breach at crypto exchange Coinbase (Nasdaq: COIN). The breach involved a leak of internal documents and data linked to a “small subset” of customer accounts, which perpetrators accessed by bribing overseas support agents of the company.
First reported by Bloomberg, citing “a person familiar with the matter”, Coinbase’s Chief Legal Officer, Paul Grewal, also confirmed the investigation is underway.
Paul Grewal, Chief Legal Officer, Coinbase, Source: LinkedIn
“We have notified and are working with the DOJ and other US and international law enforcement agencies, and welcome law enforcement’s pursuit of criminal charges against these bad actors,” Grewal said.
The DoJ has not commented publicly on the investigation.
A Socially Engineered Attack
Coinbase disclosed the breach last week after the perpetrators contacted the company, demanding a $20 million ransom. The exchange refused to pay, instead offering a $20 million reward for information leading to the identification of those responsible.
The stolen data includes names, addresses, emails, account balances, masked bank details, and partial Social Security numbers. Importantly, private keys and passwords were not accessed, and Coinbase confirmed that Prime accounts were unaffected.
The incident came to light on 11 May when Coinbase received an email from an unidentified threat actor claiming access to internal documents and the details of certain customer accounts. The exchange now expects the financial impact of the cyberattack to range between $180 million and $400 million.
In April, Coinbase announced changes to its user agreement that added two clauses limiting class action lawsuits and requiring lawsuits to be filed in New York. The changes apply to disputes initiated after May 15.
On May 14, Coinbase disclosed a data breach. pic.twitter.com/ffMR2K4YRo
— Molly White (@molly0xFFF) May 20, 2025
Is Coinbase’s Security Now in Question?
Despite the recent breach, Coinbase remains one of the few major crypto exchanges not previously impacted by a full-scale cyberattack.
Earlier this year, Bybit suffered a record $1.5 billion crypto theft, allegedly carried out by North Korea’s Lazarus Group, which exploited vulnerabilities in its cold wallet infrastructure. In 2022, Binance, the world’s largest crypto exchange by volume, also fell victim to a breach when attackers minted 2 million BNB tokens, worth around $570 million at the time.
Meanwhile, Coinbase was added to the S&P 500 index yesterday, replacing Discover Financial Services. The US-based exchange has also agreed to acquire crypto options platform Deribit for $2.9 billion and is reportedly bidding to acquire stablecoin issuer Circle.
