Coinbase CEO Brian Armstrong has publicly addressed a recent cyberattack that targeted the company’s customer data through insider collusion and led to a $20 million inBitcoin ransom demand.
In a video statement shared on X, Armstrong confirmed thatCoinbase had received a threatening email from cybercriminals claiming to possess sensitive customer information and demanding payment in Bitcoin to keep it private.
card
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
Armstrong rejected the demand outright and stated that the exchange would not comply. Instead, the company is offering a $20 million reward for information that results in the identification, arrest and conviction of those responsible for the attack.
What happened?
According to Coinbase, the breach originated from a group of overseas customer support agents who were bribed and recruited by the attackers. These rogue insiders abused limited access privileges to obtain personal customer data such as names, dates of birth and addresses.
Although passwords, private keys and funds were not compromised, the information accessed was used to launch social engineering attacks aimed at tricking customers into transferring funds to the attackers.
card
The company reported that less than 1% of its monthly transacting users were affected. Coinbase acknowledged the breach as unacceptable.
As part of its response, the major U.S. exchange is relocating some of its customer support operations and implementing additional security measures to strengthen protections around customer data.
The exchange also confirmed it will fully reimburse any customers who were deceived into sending funds as a result of the attack. Details of the reimbursement process are available on the company’s website.
