Coinbase, the largest cryptocurrency exchange in the US, disclosed Thursday that it is investigating a data breach involving bribed overseas support agents who accessed sensitive customer information as part of a broader extortion scheme.
The company said the attackers are demanding $20 million to prevent the release of the stolen data—demands Coinbase has refused to meet.
In a filing with the Securities and Exchange Commission, Coinbase reported that it received an email on May 11 from an unknown party claiming possession of internal company documents and data related to certain customer accounts. The individual threatened to release the information unless paid a ransom. Coinbase confirmed the threat was credible and is now working with law enforcement to pursue the perpetrators.
The stolen data does not include passwords, private keys, or direct access to customer funds, Coinbase stated. However, it does include sensitive personal details such as names, addresses, phone numbers, email addresses, partial Social Security numbers, masked bank account numbers, images of government-issued IDs, and account balances.
“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company wrote in a blog post.
Coinbase emphasized that only a small subset of customers was affected and that its Coinbase Prime institutional accounts were not compromised.
The breach, which the company said it had detected independently prior to the extortion attempt, could cost Coinbase an estimated $180 million to $400 million in remediation and reimbursements. The company has pledged to fully compensate users who may have been deceived into transferring funds to the attackers.
Coinbase has already taken internal action by terminating the involved employees and contractors, notifying impacted customers, and implementing enhanced fraud detection measures. The company also announced plans to open a new US-based support hub to bolster security around customer service operations.
“We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand,” Coinbase said.
Instead, it is offering a $20 million reward for information that leads to the arrest and conviction of those responsible.
The incident comes at a pivotal moment for Coinbase, which is set to join the S&P 500 index next week—making it the first crypto exchange to be included in the prestigious benchmark. Despite the broader optimism surrounding the company, the breach weighed on investor sentiment, with Coinbase shares falling over 6% in early trading Thursday.
Cyberattacks targeting cryptocurrency firms have become increasingly common. According to blockchain analytics firm Chainalysis, hackers stole more than $2.2 billion in crypto assets last year, with the Asia-Pacific region being the most heavily targeted. The growing integration of crypto into mainstream finance has amplified calls for stronger security protocols and regulatory oversight.
Coinbase reiterated that while customer funds remain secure, the incident underscores the evolving threats facing digital asset platforms.
With input from CNBC, the Wall Street Journal, the Financial Times.
The latest news in your social feeds
Subscribe to our social media platforms to stay tuned