Coinbase says a criminal gang bribed a small number of overseas customer support agents and persuaded them to copy data from internal systems. The attack touched fewer than 1% of people who trade on the platform each month.
Coinbas reports that the copied files held names, addresses, phone numbers, email addresses, masked social security numbers, some bank details, identity document images, account totals, snapshots and transaction lists.
The thieves wanted such information so they could pretend to be Coinbase workers, call or message users and trick them into handing over cryptocurrency… And by the way, passwords, two-factor codes, private keys and funds stayed out of reach.
Coinbase also adds that corporate accounts on its Prime service and both hot and cold company wallets were untouched, so at least the primary infrastructure stayed safe. They assured on their blog post that transparency is a main priority when it comes to its security culture and decided to publish the details for the public record.
How Did This Play Out?
After copying the data, the attackers contacted Coinbase and demanded a ransom of $20 million to hush up the breach. Coinbase refused, stating that paying criminals would only make it okay, and normalise for more cybercrime to take place, and honestly, worry clients out more.
Instead, as Coinbase has put it, the exchange set up a matching $20 million reward for information that leads to the arrest and conviction of the culprits. Tips can be sent to [email protected] with “BOUNTY” in the subject line.
Coinbase fired the shady agents on the spot and referred them to United States and international law enforcement bodies. Wallet addresses linked to the gang have been tagged so investigators can trace any attempt to transfer digital assets.
More from News
- Trump Lifts Sanctions in Syria: What Does This Mean For Syrian Businesses?
- Retail Cyber Attacks: Cartier And North Face Are The Next Retailers Affected
- A Look At The Different Technologies Volvo Is Bringing To Its Cars
- Klarna Launches Debit Card To Diversify Away From BNPL
- T-Mobile Now Has Fibre Internet Plans Available For Homes
- Bitdefender Finds 84% of Attacks Use Built In Windows Tools, Here’s How
- Japan Starts Clinical Trials For Artificial Blood Which Is Compatible With All Blood Types
- UK Unicorn Monzo Breaks £1 Billion in Revenue
What Will Coinbase Do To Protect Now?
Coinbase says every person whose data was touched received an email at 7:20am Eastern Time on 15 May. The message explained what happened and explained the next measures.
The company has promised to reimburse any retail user who, because of the scam, sent coins to addresses controlled by the criminals before the public announcement. Each claim will be checked to confirm the timeline and circumstances.
Affected accounts now have to go through extra procedures before making large withdrawals. These users must clear additional ID checks and see scam awareness prompts that remind them never to share passwords or two-factor codes, and never to transfer funds to new “safe” wallets.
Coinbase will add a new support hub in the United States, bringing more staff under domestic oversight. Security monitoring and insider threat detection across every site have already been worked on to be tougher.
Internal teams are already running attack simulations to uncover any weak spots in support tools, and the exchange promises to keep the community informed publicly and clearly as the inquiry continues at every stage.
How Much Are They Looking At?
A regulatory filing issued yesterday estimates Coinbase may spend $180 million to $400 million on clean up and refunds. The estimate could change after investigators tally the final loss and any money recovered.
For a company that recorded nearly $5 billion in 2024 revenue, the projected bill is large but not the worst it could’ve been. Coinbase says that customer trust, not the cash sum, is the decisive factor.
Security consultants say the tactic of bribing support staff has grown more common across the tech sector because the victims hold passports, licences and additional personal records that fetch high prices in criminal markets.
Earlier this week Marks & Spencer also disclosed a data breach, once again showing just how personal details can vanish even when payment information stays protected. The Coinbase situation really is showing what issues and dangers digital finance platforms face outside traditional banking, and its so important to make sure these are prevented going forward.
