Coinbase, one of the leading cryptocurrency exchanges, has issued a warning that a recent cyberattack could result in a loss of up to $400 million. The attack, which occurred on May 11, targeted the accounts of a "small subset" of Coinbase's customers, compromising sensitive data such as names, addresses, and emails.
The hackers, who claimed to have information about certain customer accounts and internal documents, did not gain access to login credentials or passwords. However, Coinbase will reimburse customers who were tricked into sending funds to the attackers.
The company has fired multiple contractors and employees working in support roles outside the U.S., who were involved in collecting information from the hackers. Despite this, the attackers managed to pay for services rendered, adding to the estimated loss of $180 million to $400 million.
Separately, the U.S. Securities and Exchange Commission (SEC) has begun investigating whether Coinbase misstated its user figures, a claim that has been denied by the company's chief legal officer, Paul Grewal. The SEC is also scrutinizing whether any inaccurate user data could indicate inadequate know-your-customer compliance.
"This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public," said Grewal. "While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close."
The latest developments come days before Coinbase is set to join the benchmark S&P 500 index, casting a shadow over what was expected to be a landmark moment for the crypto industry. Security remains a challenge for the crypto industry, despite its growing mainstream acceptance.
In February, Bybit disclosed a hack in which around $1.5 billion of digital tokens were stolen — widely dubbed the biggest crypto heist of all time. The incident highlights the risks faced by the crypto industry, with funds stolen by hacking platforms totaling $2.2 billion in 2024, according to a report from Chainalysis.
"As our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks," said Nick Jones, founder of crypto firm Zumo. The company now also faces a lawsuit, filed in the Southern District of New York, alleging the world's largest crypto exchange failed to secure and safeguard personally identifiable information of millions of former and current customers.
Coinbase has refused to pay a ransom demand of $20 million from the attackers and is working with law enforcement agencies. Instead, it has established a $20 million reward for information on the hackers. The company is also opening a new support hub in the U.S. and taking other measures to prevent such cyberattacks.
In conclusion, the recent cyberattack on Coinbase highlights the ongoing security challenges faced by the crypto industry. While the company has taken steps to mitigate the damage, the incident serves as a reminder of the importance of robust security measures and transparency in the industry.