Key Insights
-
Coinbase disclosed a data breach involving bribed overseas customer support contractors who leaked sensitive user data, prompting the company to terminate those involved and alert law enforcement.
-
Hackers demanded $20 million in Bitcoin as ransom to prevent disclosure of the stolen information. Coinbase refused and instead offered a $20 million bounty for tips leading to arrests.
SAN FRANCISCO, (MarketsXplora) – Coinbase Global Inc. said it expects to incur between $180 million and $400 million in expenses following a security breach involving bribed overseas contractors and a failed $20 million extortion attempt by cybercriminals.
According to a blog post and a filing with the U.S. Securities and Exchange Commission (SEC) on Wednesday, the world’s third-largest cryptocurrency exchange disclosed that attackers gained unauthorized access to personal customer data by collaborating with several external customer support contractors. The data theft affected less than 1% of Coinbase’s monthly transacting users, the company said.
How Did Bribed Contractors Help Hackers Breach Coinbase User Data?
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” the company wrote.
While Coinbase confirmed that funds, passwords, private keys, and Coinbase Prime accounts were not compromised, the exposed information included names, addresses, phone numbers, masked Social Security and bank account numbers, government-issued IDs, account balances, and some internal corporate data.
The breach came to light after Coinbase received an email from the unknown threat actors on May 11. The attackers issued a ransom demand for $20 million in Bitcoin, threatening to release the stolen information if not paid. CEO Brian Armstrong confirmed receiving the extortion note but stated that Coinbase refused to comply.
Instead, the company is offering a $20 million bug bounty to anyone who can provide information leading to the identification, arrest, and conviction of those responsible.
The company responded swiftly by terminating the contractors implicated in the breach and referring the matter to both U.S. and international law enforcement agencies. Criminal charges will be pursued, Coinbase said.
Related! Coinbase Fires Indian Contractors After Data Breach Linked to Phishing Attacks
Damages may hit $400M
The breach has had financial repercussions. Coinbase’s shares dropped more than 4% during early U.S. trading hours on Wednesday, falling below $253.
In its SEC filing, Coinbase outlined preliminary estimates of $180 million to $400 million in remediation expenses, including “voluntary customer reimbursements.” The firm confirmed that it would reimburse users who were tricked into sending funds to the attackers through phishing and social engineering scams.
Security concerns surrounding such scams have grown in recent months. Blockchain analyst ZachXBT, who first raised concerns about Coinbase-related scams in February, estimated that Coinbase users have collectively lost more than $300 million annually to social engineering schemes. In the week leading up to May 7 alone, an estimated $45 million in user funds were lost to phishing attacks, he reported.
Coinbase has pledged to strengthen its internal data governance and restructure parts of its customer support operations to reduce the risk of future breaches. In 2024, Coinbase was reported as the most impersonated cryptocurrency brand by scammers, a trend the company acknowledged as part of its broader security challenges.
When contacted for comment, Coinbase referred to its public blog post and Armstrong’s statement on social media platform X. The company said it remains committed to transparency and user protection as it recovers from the attack and enhances its defenses against rising social engineering threats.