Coinbase Confirms Major Data Breach Involving Insider Bribery and $20M Extortion Attempt
On May 15, 2025, Coinbase, one of the largest cryptocurrency exchanges, disclosed a significant data breach involving bribed overseas customer support agents who leaked sensitive user data. The attackers demanded a $20 million ransom, which Coinbase refused to pay.
-What Happened
The breach occurred when cybercriminals bribed offshore support contractors to access and extract customer data, including names, addresses, phone numbers, and government-issued ID images. This information was then used in targeted phishing campaigns aimed at deceiving users into revealing their account credentials.
Coinbase estimates that less than 1% of its users were affected. Importantly, no passwords, private keys, or funds were compromised. The company has pledged to fully reimburse any customers who suffered losses due to the breach.
-Financial Impact
Coinbase reported that the incident could cost the company between $180 million and $400 million in remediation and customer compensation expenses. Following the announcement, Coinbase’s stock experienced a decline in pre-market trading.
-Response and Investigation
The company has reported the extortion attempt to law enforcement and is offering a $20 million bounty for information leading to the arrest and conviction of those responsible. Coinbase has also terminated the involved contractors and is implementing enhanced security measures to prevent future insider threats.
-What Users Should Do
• Be Vigilant: Be cautious of unsolicited communications claiming to be from Coinbase.
• Verify Sources: Always verify the authenticity of messages before clicking on links or providing information.
• Enable Security Features: Ensure two-factor authentication (2FA) is enabled on your account.
• Monitor Accounts: Regularly check your account for any suspicious activity.