Coinbase, a leading cryptocurrency exchange, has disclosed a data breach affecting less than 1% of its monthly transaction users. Criminals bribed overseas customer service agents to steal sensitive customer information. The attackers demanded a $20 million ransom, which the exchange boldly refused.
Coinbase’s Agents Assist Hackers
The cyberattack began when criminals targeted Coinbase’s overseas customer support agents, offering cash bribes to access internal systems. These rogue agents, entrusted with customer support tools, leaked data for a small fraction of the exchange’s user base, affecting less than 1% of monthly transacting users.
The stolen information included personal details like names, phone numbers, email addresses, and account data such as transaction histories and balances. However, no login credentials, two-factor authentication codes, or funds were compromised, and Coinbase Prime accounts remained untouched. The criminals then escalated their scheme, emailing the exchange on May 11, 2025, demanding $20 million in Bitcoin to keep the breach quiet.
Coinbase, reportedly, detected the breach independently and refused to comply, exposing the extortion attempt. The company estimates remediation costs could range from $180 million to $400 million, impacting its stock, which fell over 2% in premarket trading. The incident highlights the growing threat of social engineering in the crypto industry, where insiders can be exploited to facilitate scams.
$20M: For Bounty, Not for Ransom
Coinbase took swift action upon discovering the breach. The company terminated the involved employees, reported their identities to law enforcement, and enhanced fraud monitoring protections. Instead of paying the $20 million ransom, Coinbase turned the tables, offering a $20 million bounty for information leading to the arrest and conviction of the perpetrators.
The exchange has reiterated that affected customers will be reimbursed for any losses from social engineering scams, and is contacting them with guidance on how to secure their accounts. The company emphasized its commitment to transparency and security, urging users to beware of imposters posing as Coinbase staff and to lock accounts if suspicious activity is detected. CEO Brian Armstrong reassured users that no funds or login credentials were at risk.
The company is cooperating with law enforcement to pursue the harshest penalties for the culprits and has implemented stricter security measures, including additional ID checks for flagged accounts.
