Coinbase suffers data breach as hackers demand $20m ransom, firm offers matching bounty

US cryptocurrency exchange Coinbase has been targeted by hackers who stole sensitive customer data and demanded a $20 million ransom to prevent its public release.

The attempted extortion, which took place on Monday, comes just days before the company is due to become the first crypto exchange to join the S&P 500 index.

In a statement published on its website, Coinbase said: “Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto. They then tried to extort Coinbase for $20mn to cover this up. We said no.”

Hide Ad
Hide Ad

The company revealed that the attackers had “bribed and recruited” support agents working outside the United States to access its customer data. The employees involved were immediately dismissed.

Coinbase clarified that while the breach affected only a “small subset” of customers, the stolen information included partial Social Security numbers, bank account details, account data, and identity documents such as passports and driver’s licences. However, no passwords, private keys, or funds were compromised.

US cryptocurrency exchange Coinbase has been targeted by hackers who stole sensitive customer data and demanded a $20 million ransom to prevent its public release.placeholder image
US cryptocurrency exchange Coinbase has been targeted by hackers who stole sensitive customer data and demanded a $20 million ransom to prevent its public release. | Anadolu via Getty Images

The California-based firm has offered a $20 million reward, the same amount demanded by the attackers, for information that leads to the arrest and conviction of those responsible.

As reported by the Financial Times, Coinbase shares fell 5.4% in Thursday morning trading in New York, following a 25% surge earlier in the week after news of its inclusion in the prestigious S&P 500 index.

Coinbase said it would reimburse any customers who were tricked into transferring funds to the attackers. The potential compensation could total between $180 million and $400 million.

Comment Guidelines

National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.

Telling news your way
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice