US-listed company and well-known cryptocurrency exchange Coinbase announced on Thursday that due to hackers bribing overseas employees to obtain sensitive user data, the company could face losses of up to $400 million.
(Source: SEC)
As a result of this news, Coinbase's stock initially dropped over 8% after opening, and then narrowed to about a 5% decline. Earlier this week on Tuesday, the company had just surged 23% after being included in the S&P 500 index.
(Coinbase daily chart, source: TradingView)
Coinbase disclosed that on May 11, it received an anonymous threat letter stating that it had obtained the company's user information and internal documents, demanding $20 million in Bitcoin, or the information would be made public.
The company's CEO Armstrong also released a short video on Thursday, clearly stating that they will not pay the ransom and will offer a $20 million reward for information leading to the capture and conviction of the hackers.
(Source: X)
He introduced that after investigation, the company found that criminals had been trying to bribe overseas customer service personnel to obtain user information. Although the company's customer service tools do not leak account passwords or wallet keys, customer service personnel can still access information such as user names, birthdays, addresses, ID photos, account balances, and transaction histories. With this information, criminals can impersonate Coinbase customer service personnel to commit fraud.
Coinbase stated that the affected users are less than 1% of the monthly trading user base. In addition to enhancing security controls for these accounts, the company will fully compensate for the fraud losses caused by the data breach.
The announcement disclosed that preliminary estimates show this incident will lead to the company facing $180 million to $400 million in "remediation costs and voluntary user compensation." The company also stated that further review of potential losses and compensation claims may significantly increase or decrease this estimated amount.
It is worth mentioning that compared to looking for code vulnerabilities, this time hackers used so-called "social engineering attacks"—illegally obtaining data by exploiting vulnerabilities in internal personnel. Such crimes are becoming increasingly rampant in the cryptocurrency field.
Coinbase revealed that several months before receiving the ransom email, the company had already discovered multiple incidents of customer service personnel collecting unrelated information in the internal system. Once verified, the company immediately fired the involved employees and notified potentially affected customers. After receiving the email on May 11, the company confirmed that these employees were involved in the same data theft operation.
Armstrong stated in the video: “These attackers have been reaching out to our overseas customer service personnel, looking for weaknesses, specifically those willing to accept bribes in exchange for leaking some customer information. Unfortunately, they did find several bad apples.”
As the cryptocurrency industry itself relies on anonymity, hacking attacks have long plagued this industry. Research firm Chainalysis reported that losses from such incidents reached $2.2 billion in 2024. In February of this year, cryptocurrency exchange Bybit lost $1.5 billion in cryptocurrency due to a hacking attack.