Cryptocurrency exchange Coinbase has recently disclosed a significant data breach involving the bribery of customer support agents, leading to the leak of sensitive information from approximately 6,000 users. The attackers attempted to extort the company for $20 million but were met with a firm refusal from Coinbase, which instead offered a similar bounty for information on the criminals.

Key Takeaways

• Coinbase refused to pay a $20 million ransom after a data breach.

• Sensitive data from less than 1% of users was compromised.

• The company is offering a $20 million reward for information leading to the arrest of the attackers.

• Coinbase plans to reimburse affected customers and strengthen security measures.

Overview Of The Breach

On May 11, 2025, Coinbase revealed that cybercriminals had successfully bribed customer support agents, primarily based overseas, to leak sensitive user data. This breach affected less than 1% of Coinbase's monthly active users, which translates to around 6,000 individuals. The stolen data included:

• Names, addresses, and phone numbers

• Masked Social Security numbers (last four digits)

• Masked bank account numbers and identifiers

• Government ID images (e.g., driver's licenses, passports)

• Account data, including balance snapshots and transaction history

Despite the severity of the breach, Coinbase assured its users that no passwords, private keys, or funds were compromised, and that Coinbase Prime accounts remained secure.

The Extortion Attempt

Following the data breach, the attackers attempted to extort Coinbase for $20 million in Bitcoin, threatening to release the stolen data if their demands were not met. Coinbase's CEO, Brian Armstrong, stated, "We said no," emphasizing the company's commitment to not yielding to extortion.

In a bold counter-move, Coinbase announced a $20 million reward for information leading to the arrest and conviction of the attackers. This strategy marks a shift in how cryptocurrency firms respond to extortion attempts, moving from a defensive to an offensive stance.

Response And Future Measures

Coinbase is taking several steps in response to the breach:

• Reimbursement: The company will reimburse customers who were tricked into transferring funds due to social engineering attacks.

• Increased Security: Coinbase is implementing stricter ID checks for flagged accounts and enhancing its defenses against insider threats.

• Collaboration with Law Enforcement: The company is working closely with law enforcement agencies to pursue the attackers and ensure they face the consequences of their actions.

Ongoing Security Concerns

This incident highlights ongoing security vulnerabilities within Coinbase, particularly regarding its reliance on overseas contractors for customer support. Critics have pointed out that the company's growth-focused model may prioritize shareholder returns over robust security measures. Security experts have noted that Coinbase users are losing significant amounts of money to social engineering scams, with estimates suggesting losses of around $300 million annually.

In light of these events, Coinbase is under pressure to improve its security protocols and restore user trust. The company has acknowledged the need for better oversight of its customer support operations and is taking steps to address these vulnerabilities moving forward.

As the cryptocurrency landscape continues to evolve, incidents like this serve as a reminder of the importance of security and vigilance in protecting user data and assets. As cyber threats grow more sophisticated, staying informed is more important than ever. BetterWorld Technology delivers advanced cybersecurity solutions designed to adapt with the threat landscape—ensuring your business stays protected while continuing to innovate. Take the first step toward stronger security—contact us today for a consultation!

Sources

• Coinbase Refuses To Pay $20M Ransom For Leaked Data, The Deep Dive.

• Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails, The Hacker News.

• Coinbase Hacked for Customer Data, Turns Tables on Would-Be Extortionists, Decrypt.

• Coinbase says staff leaked customer data, refuses to pay $20M ransom, Informed crypto news.