
Major crypto exchange Coinbase has issued an urgent alert to its users following a targeted security incident, publicly detailing an extortion attempt against it and its customers in a recent official blog post.

Coinbase disclosed that cybercriminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These bad actors used cash offers to convince a small group of insiders to copy data in the Coinbase customer support tools for less than 1% of Coinbase's monthly transacting users.

Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers. More here: https://t.co/SidVn59JCV

— Coinbase 🛡️ (@coinbase) May 15, 2025

The attackers aimed to compile a list of customers they could contact while pretending to be Coinbase, tricking individuals into handing over their crypto. They then attempted to extort Coinbase for $20 million to cover this up, but Coinbase declined.

While a small subset of customers, less than 1% of Coinbase MTU, were affected, no passwords, private keys or funds were exposed, and Coinbase Prime accounts remain untouched. Coinbase stated it will reimburse customers tricked into sending funds to the attacker and is cooperating closely with law enforcement to pursue the harshest penalties possible, but it will not pay the $20 million ransom demand.

Coinbase is establishing a $20 million reward fund for information that leads to the arrest and conviction of those responsible for the attack. Impact notices have been sent to affected users, and the community will be updated as the investigation progresses.

Urgent warning issued

Coinbase warned its users that imposters or scammers, whether related to the breach or not, may pose as Coinbase employees and try to pressure them into moving their funds.

Users should be aware that Coinbase will never request passwords, 2FA codes or asset transfers to a specific or new address, account, vault or wallet. It will never phone or text consumers to provide them with a new seed phrase or wallet address to transfer coins to. If they receive a call along these lines, they should not respond; Coinbase will never request that they contact an unknown number to reach it.

Coinbase outlined a few best practices, which include enabling withdrawal allow-listing, using strong 2FA with hardware keys and exercising caution before taking action.