
Hackers who bribed Coinbase contractors to steal customer data are now demanding $20 million in ransom, threatening to expose sensitive information of over 1 million users in what could cost the crypto giant up to $400 million in damages.
Key Takeaways
- Coinbase revealed that “rogue overseas support agents” were bribed by cybercriminals to steal customer data, affecting less than 1% of users (potentially over 1 million accounts).
- Compromised information includes names, addresses, phone numbers, emails, government ID images, and account balances, though passwords, private keys, and funds remain secure.
- Hackers are demanding a $20 million ransom, which Coinbase has refused to pay, instead offering a $20 million reward for information leading to the criminals’ arrest.
- The breach could cost Coinbase up to $400 million to address, with long-term customer risks including phishing attempts and identity theft.
Overseas Contractors Compromised in Massive Data Theft
America’s largest cryptocurrency exchange has fallen victim to a sophisticated attack that targeted not its technological systems but its human element. Coinbase disclosed that cybercriminals successfully bribed several overseas support contractors to access sensitive customer information. The breach was revealed in a Securities and Exchange Commission filing after company officials received an extortion email on May 11. The compromised data includes highly sensitive personal information that could put customers at significant risk of targeted attacks.
“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” Coinbase stated.
While Coinbase has assured customers that no passwords, private keys, or actual funds were compromised in the breach, the exposed information still represents a significant security threat. The company has terminated the contractors involved and referred them to law enforcement while implementing enhanced monitoring systems to detect any suspicious activity on affected accounts.
$20 Million Ransom Demand Rejected
In a bold stance against digital extortion, Coinbase has firmly rejected the hackers’ $20 million ransom demand. Instead, the cryptocurrency exchange has turned the tables on the criminals by offering the exact same amount – $20 million – as a reward for information leading to their identification, arrest, and conviction. This approach represents a significant departure from how many companies handle such situations, where ransom payments are often quietly made to protect customer data and company reputation.
“We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received,” said Coinbase.
The company has also assured customers that they will be reimbursed if they are tricked into sending funds to attackers as part of any social engineering schemes that might leverage the stolen data. This proactive approach demonstrates Coinbase’s commitment to protecting its users even in the aftermath of a serious security breach that could cost the company hundreds of millions of dollars to address.
🇺🇸 COINBASE HACKED: EMPLOYEES TOOK BRIBES, CUSTOMER DATA LEAKED
Hackers offered cash, and Coinbase support staff took it.
Insiders gave up sensitive user data — names, IDs, even bank info — to attackers who demanded $20M in Bitcoin to stay quiet.
Coinbase said no to the ransom… https://t.co/6ZKhPTX282 pic.twitter.com/lsg1YPBiT4
— Mario Nawfal (@MarioNawfal) May 15, 2025
Long-Term Security Implications
Security experts warn that the compromised data creates lasting vulnerabilities for affected Coinbase customers. While the immediate financial impact may be limited by the company’s assurances that funds remain secure, the exposed personal information opens the door to sophisticated phishing attempts, identity theft, and other targeted attacks that could persist for years. Foreign adversaries, particularly from nations like China, North Korea, and Russia, are known to target cryptocurrency platforms as part of broader financial warfare strategies.
“That kind of exposure isn’t just a privacy issue; it opens the door to phishing, identity theft, and long-term financial vulnerability. Most users won’t feel it today, but if that data gets sold or abused, the impact will remain for years,” said Dean Gefen, CEO of NukuDo.
The breach comes at a critical time for Coinbase, which recently announced its inclusion in the S&P 500 index and plans for global expansion. CEO Brian Armstrong has ambitious goals to make Coinbase “the No. 1 financial services app in the world” within the next decade. This security incident highlights the significant challenges faced by financial technology companies as they balance rapid growth with the increasingly sophisticated threats targeting their customers’ data and assets.
“Any company storing sensitive financial data needs to take this as a sign to be on notice. Without the right people, training, and systems in place, this kind of breach is inevitable,” said Dean Gefen, CEO of NukuDo.