Coinbase Discloses Data Breach and Declines $20 Million Ransom
Coinbase has revealed a breach of user data due to the bribery of overseas support staff. The platform’s team refused to pay a $20 million ransom and took countermeasures.
Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers. More here: https://t.co/SidVn59JCV
— Coinbase ?️ (@coinbase) May 15, 2025
The company received an email from a perpetrator claiming to have information on some client accounts as well as internal documents.
Coinbase’s costs for resolving the incident and compensating clients will range from $180 million to $400 million, according to the company’s report to the SEC dated May 15.
Some users criticized the company for the delayed acknowledgment of the leak. Wintermute CEO Evgeny Gaevoy stated:
“This is the dark side of the idiotic and pointless KYC/AML regime we live in. It makes life a bit easier for law enforcement and geopolitical games while sacrificing our privacy, taxing virtually all businesses heavily, and making it easier for criminals to rob, kidnap, and commit crimes.”
Reports indicate that hackers paid several contractors and employees working in support services outside the U.S. to gather information from internal systems.
As a result, the perpetrators accessed data of “less than 1%” of clients, including names, addresses, and emails, according to the trading platform’s blog. However, passwords, private keys, and user funds were not compromised. Client assets on Coinbase Prime were also unaffected.
The exchange announced compensation for users who sent cryptocurrency to fraudsters as a result of social engineering attacks.
Coinbase has also enhanced security measures:
- High-risk accounts will undergo additional checks for large withdrawals;
- A new support center will be opened in the U.S., with strengthened security controls and monitoring across all divisions;
- The company is investing in insider threat detection.
Instead of paying the $20 million ransom for silence, Coinbase has created a reward fund of the same amount for those who help identify the perpetrators. The exchange is working with law enforcement, and the dismissed insiders have been handed over to investigators.
Coinbase reminded users that company representatives do not call or ask to transfer funds to “safe accounts” or provide 2FA codes.
Back in March, users of the exchange reported phishing emails. Perpetrators, posing as Coinbase, offered to transfer assets to new wallets using pre-generated seed phrases.
In May, on-chain investigator ZachXBT reported that within a week, perpetrators stole $45 million from users of the trading platform using social engineering methods.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!