- Coinbase has disclosed a data breach involving bribed overseas support agents
- The breach has affected less than 1% of monthly transacting users
- The company has refused a $20 million ransom and instead offered a $20 million reward for information leading to the attackers
Crypto giant Coinbase has revealed a security breach in which cybercriminals bribed overseas support agents to gain access to customer data. The breach impacted fewer than 1% of its monthly transacting users, with no passwords, private keys, or funds compromised. Refusing to yield to a $20 million ransom demand, Coinbase has instead offered a $20 million bounty for information leading to those responsible. The extortion attempt comes two months after Microsoft warned that hackers were specifically targeting the company.
Insider Breach and Extortion Attempt
In a blog post dated 15 May 2025, Coinbase outlined how a small number of third-party support agents were bribed by attackers to misuse internal customer support tools. The company stated that the aim was to “gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto”, and that the attackers then tried to extort Coinbase for $20 million to cover it up. As Coinbase puts it (in bold), “We said no.”
Despite Coinbase's stance, the attackers still got away with the following information:
- Names
- Email addresses
- Phone numbers
- Addresses
- Partial Social Security numbers
- Masked bank account data
- Government-issued ID images
- Certain account-related metadata, such as transaction history and balances
Despite the scale of the breach, Coinbase confirmed that no login credentials, two-factor authentication codes, or private keys were exposed, while Coinbase Prime accounts remained unaffected.
Huge Reward for Information
Having stolen the data, the attackers then issued a $20 million extortion demand, threatening to leak the information. “Coinbase did not pay the ransom,” the company stated. “Instead, we are offering a $20 million reward for information that leads to the identification, arrest, and successful prosecution of these criminals.” The reward is head and shoulders above any other such reward ever offered, showing how seriously Coinbase is taking the situation.
To mitigate the damage and protect users, Coinbase has committed to fully reimbursing any customers who were tricked into sending funds as a result of social engineering scams related to the breach. The company has also introduced new security features, including enhanced ID checks for large withdrawals and mandatory scam-awareness prompts for users.
New Customer Protections Added
A new customer support hub is being launched in the U.S., and security operations are being overhauled with increased investment in insider threat detection, automated response tools, and red-team simulations. The company has already begun notifying affected users, estimating that its breach-related remediation and compensation costs could range between $180 million and $400 million. These figures remain preliminary and may change as the investigation continues. Despite the breach, the company emphasised that its core systems and crypto infrastructure remained secure.
The incident comes two months after Microsoft warned that Coinbase had become a target for hackers and five days after it was alleged that Coinbase customers suffered losses amounting to $45 million in the space of one week through scams.