Coinbase said cyber crooks stole customer information and demanded $20 million ransom payment

ALAN SUDERMAN

Thu, May 15, 2025, 7:48 AM 2 min read

Coinbase, the largest cryptocurrency exchange based successful the U.S., said Thursday that criminals had improperly obtained idiosyncratic information connected the exchange’s customers for usage successful crypto-stealing scams and were demanding a $20 cardinal outgo not to publically merchandise the info.

Coinbase CEO Brian Armstrong said successful a social media post that criminals had bribed immoderate of the company’s lawsuit work agents who unrecorded extracurricular the U.S. to manus implicit idiosyncratic information connected customers, similar names, dates of commencement and partial societal information numbers.

“(The stolen data) allows them to behaviour societal engineering attacks wherever they tin telephone our customers impersonating Coinbase lawsuit enactment and effort to instrumentality them into sending their funds to the attackers,” Armstrong said.

Social engineering is simply a fashionable hacking strategy, arsenic humans thin to beryllium the weakest nexus successful immoderate network. Many large companies person suffered hacks and information breaches arsenic a effect of specified scams successful caller years.

Coinbase did not specify however galore customers had their information stolen oregon fell prey to societal engineering scams. But the institution did pledge to reimburse immoderate who did.

In a filing with the Securities and Exchange Commission, Coinbase estimated that it would person to walk betwixt $180 cardinal to $400 cardinal “relating to remediation costs and voluntary lawsuit reimbursements relating to this incident.”

The SEC filing said that the institution had, “in erstwhile months,” detected immoderate of its lawsuit work agents “accessing information without concern need.” Those employees had been fired, and the institution said it stepped up its fraud prevention efforts.

Coinbase said it received an email from the attackers connected Sunday demanding a ransom of $20 cardinal worthy of bitcoin not to publically merchandise the lawsuit information they had stolen.

Armstrong said the institution was refusing to wage the ransom and would alternatively connection a $20 cardinal bounty for anyone who provided accusation that led to the attackers’ arrest.

“For these would-be extortionists oregon anyone seeking to harm Coinbase customers, cognize that we volition prosecute you and bring you to justice,” Armstrong said. “And cognize you person my answer.”