Coinbase, the largest cryptocurrency exchange in the U.S., has been rocked by allegations of insider leaks of user data. Hackers allegedly bribed overseas customer service personnel to steal user information and launch social engineering scams. Coinbase estimates that this incident will lead to potential losses between $180 million and $400 million, primarily related to crisis expenses and voluntary compensation for users.
According to documents submitted by Coinbase to the U.S. Securities and Exchange Commission (SEC) on May 15, hackers bribed overseas customer service personnel to obtain user KYC (Know Your Customer) data, including names, addresses, phone numbers, and emails, and used this information to launch social engineering scams. According to earlier media reports, this incident affected about 1% of monthly active users.
Coinbase stated that the involved employee was terminated upon discovery, and a report has been submitted to U.S. and international law enforcement agencies, with plans to file criminal charges.
According to Coinbase's estimates, this incident could result in expenses ranging from $180 million to $400 million, covering crisis management, information security enhancements, and voluntary compensation for affected users. Officials pointed out that the actual amount may still change due to subsequent loss assessments, legal claims, and potential recoveries.
Hackers demand a $20 million ransom, Coinbase refuses to concede and instead offers a reward to catch the culprits.
As early as three months ago, on-chain detective ZachXBT claimed that Coinbase users lost $300 million due to social engineering scams.
Coinbase also stated that criminals stole images of customer identification documents, account balances, and company data, while account passwords, private keys, and user funds were not affected.
Even more shocking, after committing the crime, the hackers reportedly contacted Coinbase, demanding $20 million in Bitcoin as a 'hush money'. In response, CEO Brian Armstrong firmly refused to pay the ransom and instead offered a $20 million reward to track down the masterminds behind the attack, demonstrating a strong stance.
After the incident came to light, the cryptocurrency community's reactions were mixed. Some netizens praised Coinbase for its transparent handling and willingness to proactively disclose risks; however, many critics questioned why such a significant cybersecurity incident had not been explained externally sooner.
"Potential losses of $400 million! Coinbase exposes 'insider' leaking user data, offering a $20 million reward to catch hackers" was originally published on (Block Ke).
