Coinbase Faces Up to $400 Million Reimbursement Cost After Recent Cyberattack

Coinbase submitted its 8-K filing to the US SEC on May 14.

Written by Radhika Parashar, Edited by David Delima | Updated: 16 May 2025 19:29 IST

Coinbase Faces Up to $400 Million Reimbursement Cost After Recent Cyberattack

Photo Credit: X/ @coinbase

Coinbase claims that no private keys have been compromised

Highlights

The SEC is part of the investigation in this case
Coinbase is pursuing the harshest penalties
The exchange plans to reward those who give information on attackers

Coinbase recently disclosed a cyberattack on its network. As part of the attack, cybercriminals managed to steal funds from exposed users under false claims. The crypto exchange said it will voluntarily reimburse users affected by the data breach. In a filing with the US Securities and Exchange Commission (SEC), the exchange preliminarily estimated that these remediation expenses could range between $180 million (roughly Rs. 1,541 crore) and $400 million (roughly Rs. 3,426 crore).

Coinbase Says Estimates Could Increase or Decrease After Thorough Review

The firm submitted its 8-K filing to the SEC on May 14. It said that the losses it has estimated based on preliminary analysis could increase or decrease after a thorough review of other factors is conducted. These include indemnification claims and potential recoveries.

"The company is continuing to review and bolster its anti-fraud protections to mitigate the risk that the compromised information could be used in social engineering attempts. The company is also in the process of opening a new support hub in the United States and taking other measures to harden its defenses to prevent this type of incident," the filing noted.

Coinbase Says Attackers Stole User Data, Demanded $20 Million Ransom

Coinbase CEO Brain Armstrong said cyber criminals managed to bribe some overseas support agents of the company to gain access to the personal user data of "less than one percent of its users."

As per Armstrong, the attackers reached out to the exchange claiming possession of this user data and demanded a ransom of $20 million (roughly Rs. 171 crore) for not leaking the data. The company CEO has refused to surrender to this ransom demand. Instead, he announced a $20 million (roughly Rs. 171 crore) reward fund inviting information on these attackers.

"Since receipt of the email, the Company has assessed the email to be credible," the exchange said in its filing.

Ethereum Unveils 'Trillion Dollar Security' Initiative: Here's What It Is

Coinbase, in a blog post, claimed that the insiders who were found involved with the incident have been fired for abusing their access to customer support systems and stealing their data.

The attackers have managed to obtain details including the bank account numbers, government IDs, and the account data of the impacted users. Other details such as names, addresses, emails, and masked social security numbers have also been breached as part of this incident.

The company does, however, claim that no passwords, private keys, or funds were exposed in the breach. As per a Bloomberg report, the US SEC is also part of the ongoing probe into the incident.

https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025

Following Coinbase's disclosure of the incident, its stocks reportedly fell by more than six percent.

Coinbase has yet to disclose the exact amount of funds its users ended up sending to the attackers. It also remains uncertain if the data breach only affected Coinbase users in the US or if international users were also impacted.

"While Coinbase has not experienced material operational impacts from these events as of the date hereof, the full financial impact of the Incident on the company is still in the process of being assessed," it added in its SEC filing.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, Coinbase, Data Breach, Brian Armstrong, US SEC

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More