Coinbase Says Cybercriminals Breached User Data, Demanded $20 Million Ransom

Coinbase claims data of less than one percent of its users was breached in the incident. 

Coinbase Says Cybercriminals Breached User Data, Demanded $20 Million Ransom

Photo Credit: Reuters

Coinbase was founded in 2012 and is registered in Delaware, US

Highlights
  • Coinbase said it refused the $20 million ransom demand 
  • The exchange will reimburse users who transferred funds to attackers 
  • Coinbase is offering $20 million in rewards for attackers' info 
Advertisement

Coinbase confirmed a customer data breach on its platform Thursday and claimed a group of rogue overseas support agents recruited by cyber criminals were responsible for the attack. In a video message posted on X, Coinbase CEO Brian Armstrong said cyber attackers wrote to the exchange, claiming they had obtained personal data of a portion of Coinbase users. In exchange for not leaking the data, the attackers allegedly demanded a ransom of $20 million (roughly Rs. 171 crore). The development comes just days after Coinbase became the first crypto firm to have secured a spot on the elite S&P 500 index. The exchange has refused to surrender to the demand of the attackers.

No passwords, private keys, or funds were exposed in the breach, the exchange said. Coinbase Prime accounts, too, were unaffected by the attack. Cyber criminals “bribed and recruited” a group of rogue overseas support agents to steal Coinbase customer data, Coinbase said in a blog post published Thursday.

“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” the firm said.

According to the exchange, the attackers' aim was to execute social engineering attacks and get individuals to transfer funds. Coinbase said it would reimburse customers who were tricked into sending funds to the attacker, but did not elaborate on the details of the reimbursement process. It said the reimbursements would happen voluntarily via Coinbase after facts were reviewed.

As per the exchange, the attackers managed to obtain bank account numbers, government IDs, and the account data of the impacted users. Other details such as names, addresses, emails, and masked social security numbers have also been compromised in the breach. 

The exchange claims that data of less than one percent of its users was breached as part of the incident. It is uncertain if the data breach only affected Coinbase users in the US or if international users were at risk, as well. The exchange recently acquired its FIU registration in India to mark its re-entry into the country.

Addressing the breach, Armstrong said that no ransom would be paid to the attackers. Instead, Coinbase was setting up a $20 million reward fund for information leading to the identification of the attackers.

The exchange said it was working closely with law enforcement agencies to ensure the “harshest” penalties on the attackers. Coinbase is also working with industry partners to trace the attackers through their wallet addresses and attempt to recover assets.

Coinbase has not disclosed the amount wired to the attackers by unsuspecting users.

In the first quarter of this year, Coinbase reported $9.9 billion (roughly Rs. 84,632 crore) in USD resources. The exchange also reported a total revenue of $2 billion between January and March this year, along with a net income of $66 million (roughly Rs. 564 crore).

Just this week, the exchange announced the acquisition of Deribit, a renowned crypto derivatives platform. After completing the $2.9 billion acquisition, Armstrong reportedly said the exchange was planning to explore more mergers and acquisitions.

Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Radhika Parashar
Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More
Blockchain Association Taps US CFTC Commissioner Summer Mersinger as CEO
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »