Coinbase says cybercriminals bribed a small group of overseas support contractors to pull customer data from internal tools, hitting “less than 1 %” of its monthly active users.
The exchange said the breach did not expose any passwords, private keys, or funds, and that Coinbase Prime accounts remained untouched.
Coinbase Attackers Demanded $20 Million Ransom
The attackers demanded a $20 million payment to keep the incident quiet. However, Coinbase said that it refused and redirected the sum into a $20 million reward fund for information leading to their arrest and conviction.
“We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” Coinbase said.
Stolen records include names, addresses, phone numbers, masked Social Security digits, partial bank details, and account snapshots.
“Their [attackers] aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto,” the exchange added.
The company vowed to make victims “whole” if follow-up social-engineering scams lured them. New withdrawal friction, extra ID checks, and real-time scam prompts are already live on flagged accounts.
Preventive measures include a new US support hub, stronger insider-threat detection, and nonstop red-team simulations. Coinbase has referred the fired insiders to the US and international law enforcement agencies. The exchange will also be working with blockchain analytics firms to tag the attackers’ addresses and freeze stolen funds.
The news comes just days after Curve Finance warned users that its website may have been hijacked in an attack.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
