Coinbase, the largest cryptocurrency exchange in the United States, disclosed Thursday that it is facing a potential financial impact of up to $400 million after cybercriminals bribed overseas support staff to steal sensitive customer data and demand a $20 million ransom. The breach comes days before Coinbase is set to be added to the benchmark S&P 500 index.

In a filing with the Securities and Exchange Commission, Coinbase reported receiving an email on May 11 from an unidentified party who claimed to possess internal documents and data tied to certain customer accounts. That data included names, addresses, phone numbers, emails, masked bank account information, the last four digits of Social Security numbers, government ID images, and account balances. No login credentials, passwords, or private keys were compromised, the company said.

"Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks," the company stated in a blog post Thursday. "These insiders abused their access to customer support systems to steal the account data for a small subset of customers."

Coinbase confirmed that it has terminated the employees involved and notified customers who may have been affected. The company added it is enhancing its fraud monitoring systems and will reimburse customers who were tricked into sending funds to attackers. Coinbase Prime accounts, used by institutional investors, were not impacted.

"We're cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received," Coinbase said. "Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack."

Coinbase had independently detected the unauthorized activity months prior and has since taken remedial steps to mitigate further risks. The company emphasized that the breach was limited to a small group of customer accounts.

Shares of Coinbase dropped 2% in premarket trading following the announcement. The attack adds to mounting concerns over cybersecurity vulnerabilities in the digital asset space. According to blockchain analytics firm Chainalysis, hackers stole $2.2 billion from crypto platforms in 2024 alone, marking the fourth consecutive year that such thefts exceeded $1 billion.

Security has become a persistent challenge for the cryptocurrency industry. In February, Bybit reported a record theft of $1.5 billion in digital tokens, a breach some analysts described as the most damaging in crypto history.

Despite the breach, Coinbase recently announced a new acquisition to expand its global reach and has reiterated its ambition to become "the number one financial services app in the world," as CEO Brian Armstrong said during last week's earnings call.