Coinbase Says Bribed Workers Leaked Data to Hacker Seeking $20 Million in Ransom
Coinbase Global Inc., one of the largest US crypto exchanges, has revealed that hackers bribed contractors or employees outside the US to steal sensitive customer data and demanded a $20 million ransom. This high-profile security breach is one of the most significant incidents to hit a crypto trading platform in recent times.
The incident, which Coinbase disclosed in a statement on Thursday, saw attackers offer overseas customer support agents cash in exchange for sensitive customer information such as names, addresses, account data, and government ID images. The attackers planned to use the stolen data to impersonate Coinbase and convince users to hand over their crypto, while demanding a ransom from the exchange to cover it up.
Fortunately, less than 1% of Coinbase's monthly transacting users were affected by the breach, according to the company. To mitigate the damage, Coinbase has announced that it will reimburse in full anyone who lost money as a result of the incident. The exchange is also offering a $20 million bounty to anyone with information leading to the attackers' arrest and conviction.
Coinbase's CEO, Brian Armstrong, explained that the company had detected instances of customer support agents collecting information about internal Coinbase systems without needing it for their job in the months leading up to the breach. Upon discovery, those workers were immediately terminated. However, the attackers managed to find a few "bad apples" among the ranks.
"These attackers have been approaching our overseas customer support agents, looking for a weak link, someone who would accept a bribe in exchange for sharing some customer information with them," Armstrong said in a video posted on social media. "Unfortunately, they were able to find a few bad apples."
The Cost of the Breach
Preliminary estimates suggest that Coinbase may face between $180 million and $400 million in "remediation costs and voluntary customer reimbursements" relating to the incident, according to a regulatory filing released on Thursday. A further review of potential losses, indemnification claims, and potential recoveries could meaningfully increase or decrease this estimate, it added.
The breach is not the first time Coinbase has faced security challenges. Hacks have long plagued the crypto industry due to its heavy reliance on user anonymity and complex digital software. In 2024 alone, around $2.2 billion was lost to such incidents, according to researcher Chainalysis. Crypto exchanges are often major targets, facing high ongoing costs to maintain tight security.
The Impact of the Breach
Coinbase is set to join the S&P 500 index next week, and inclusion in the benchmark is becoming more important for companies in a world increasingly dominated by passive investment funds. The breach comes as Coinbase's stock slipped more than 3% in pre-market trading on Thursday.
The attackers relied on social engineering, using people to gain unauthorized access to data rather than exploiting flaws in computer code. This type of threat has become increasingly common in crypto, resulting in recent major incidents like the $1.5 billion hack of crypto exchange Bybit in February.