Topline
Coinbase on Thursday announced hackers bribed some of its overseas employees for customer data and demanded a $20 million ransom from the company, a request Coinbase said it denied while forecasting costs up to $400 million to remedy the incident.
The crypto exchange operator said an “unknown threat actor” claimed to have stolen data from some … More
Key Facts
Coinbase reported in a Securities and Exchange filing Thursday the company received an email on May 11 from an “unknown threat actor” that claimed to have stolen sensitive information from less than 1% of its monthly users, including data related to “customer service and account management systems.”
The email demanded $20 million in bitcoin from Coinbase in exchange for not publicly disclosing the customer data, according to Coinbase, which said it would not pay the request and had contacted law enforcement.
Brian Armstrong, Coinbase’s CEO, said in a video posted to social media the company had detected instances of support agents collecting information about Coinbase’s internal systems in the months leading up to the email.
Coinbase estimated expenses between $180 million and $400 million for “remediation costs and voluntary customer reimbursements,” though the company noted these costs could increase after a full review of other potential losses.
The cyber criminals “bribed and recruited” some of Coinbase’s support agents and contractors outside the U.S. with cash to copy customer data and then planned to use that data to pretend to be Coinbase to convince its users to hand over their crypto, Coinbase said.
Coinbase said the bribed employees were “immediately terminated” and offered a full reimbursement to any customers who lost money from the incident.
Get Forbes Breaking News Text Alerts: We’re launching text message alerts so you’ll always know the biggest stories shaping the day’s headlines. Text “Alerts” to (201) 335-0739 or sign up here.
Big Number
$20 million. That’s how much Coinbase is offering as a bounty to anyone with information leading to the criminals’ arrest.
What Customer Data Was Stolen From Coinbase?
A “small subset of customers” had their data stolen, including users’ names, addresses, phone numbers, emails, the last four digits of their social security numbers, some bank account numbers, government-issued ID images from driver’s licenses and passports, balance and transaction history and some corporate data like training material and communication with support agents. Data not taken from customers included login credentials, the ability to move or access customer funds and access to any Coinbase wallets, Coinbase said.
Crucial Quote
Armstrong said the criminals have “been approaching our overseas customer support agents, looking for a weak leak, someone who would accept a bribe in exchange for sharing customer information with them,” adding, “Unfortunately, they were able to find a few bad apples.”
Key Background
The disclosure from Coinbase, reportedly the largest crypto exchange in the U.S., comes just days before the company joins the S&P 500 index next week. During the company’s earnings call last week, Armstrong said he hoped Coinbase would become the “number one financial services app in the world” over the next five to 10 years, after the company announced it had acquired the crypto derivatives exchange Deribit in a $2.9 billion deal. The hack also comes as other crypto firms have been targeted, with an estimated $2.2 billion lost to similar incidents in 2024, researchers said. Earlier this year, the FBI claimed hackers from North Korea were responsible for stealing about $1.5 billion in virtual assets from the crypto exchange Bybit.
Further Reading
North Korean Hackers Cash Out Hundreds Of Millions From $1.5 Billion Bybit Hack (BBC)
