Coinbase, the largest US cryptocurrency exchange, disclosed a major cyberattack that exposed sensitive customer data and could cost the company up to $400 million. The hackers have demanded a $20 million ransom payment, but the company has played a $20 million bounty on them instead of paying up.
TechSpot reports that Coinbase has announced it had fallen victim to a sophisticated insider attack that resulted in the compromise of confidential information from certain customer accounts as well as internal company documents. The breach came to light on May 11 when the company received an email from an unknown hacker demanding a $20 million ransom and claiming to possess the stolen data.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
According to Coinbase, the attack was orchestrated through a network of bribed overseas contractors and support employees who handed over the sensitive customer information to the cybercriminals. While the hackers were able to access names, addresses, emails, masked bank account numbers, and partial Social Security numbers, Coinbase stressed that no passwords, private keys, or direct access to customer funds were obtained.
Upon discovering the breach, Coinbase immediately terminated all individuals involved in the scheme and notified affected customers of the potential exposure of their data. The company also refused to bow to the attackers’ $20 million ransom demand, instead opting to cooperate closely with law enforcement authorities. As part of its response, Coinbase set up a $20 million reward fund for information leading to the arrest and conviction of those responsible for the attack.
To further bolster its security posture in the wake of the incident, Coinbase has enhanced its fraud monitoring systems and pledged to reimburse any customers who were deceived into transferring funds to the hackers as a result of the breach. The company disclosed in a regulatory filing that the total cost of the attack could range from $180 million to a staggering $400 million, marking it as one of the most significant security incidents in Coinbase’s history.
The breach comes at a critical juncture for Coinbase, which is on the cusp of joining the prestigious S&P 500 index — a milestone event for both the company and the cryptocurrency industry as a whole. However, the attack has cast a pall over what was meant to be a celebratory moment, underscoring the persistent threats posed by increasingly sophisticated cybercriminals targeting the sector.
Indeed, Coinbase’s woes are emblematic of the broader challenges faced by the cryptocurrency industry in safeguarding against relentless cyberattacks. In 2024 alone, losses from hacks aimed at blockchain platforms have surpassed $2.2 billion, according to a report from Chainalysis. The Coinbase breach follows on the heels of the Bybit exchange heist earlier this year, which saw $1.5 billion in cryptocurrency stolen in what has been dubbed the largest crypto theft to date.
Read more at TechSpot here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
