Coinbase , the largest US crypto exchange, has said that it has been hit by a cyber attack that breached account data of a “small subset” of its customers. The company has also confirmed that a group of rogue overseas customer support agents, bribed by hackers, were involved in a targeted data breach aimed at extorting the company and deceiving customers.
According to a video posted by company co-founder and CEO Brian Armstrong, the attackers demanded a $20 million ransom, which Coinbase has refused to pay. Instead, the company is offering a $20 million reward for information leading to the arrest and conviction of those responsible.
Coinbase says support agents helped hackers
According to Coinbase, hackers paid off a small group of outsourced support agents to access and steal data from internal customer support systems. The breach affected less than 1% of monthly transacting users, it added.
Coinbase says that while no login credentials, 2FA codes, private keys, or customer funds were compromised directly, some customers were misled into voluntarily sending crypto to attackers. The CEO has warned that the attackers may use the stolen data in an attempt to carry out social engineering attacks, impersonating Coinbase to trick users into transferring funds.
What data hackers have stolen
The affected data includes
Coinbase also said it expects to incur costs of apprximately $180 million to $400 million in incident remediation and customer reimbursements.
According to a video posted by company co-founder and CEO Brian Armstrong, the attackers demanded a $20 million ransom, which Coinbase has refused to pay. Instead, the company is offering a $20 million reward for information leading to the arrest and conviction of those responsible.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
Coinbase says support agents helped hackers
According to Coinbase, hackers paid off a small group of outsourced support agents to access and steal data from internal customer support systems. The breach affected less than 1% of monthly transacting users, it added.
Coinbase says that while no login credentials, 2FA codes, private keys, or customer funds were compromised directly, some customers were misled into voluntarily sending crypto to attackers. The CEO has warned that the attackers may use the stolen data in an attempt to carry out social engineering attacks, impersonating Coinbase to trick users into transferring funds.
What data hackers have stolen
The affected data includes
- Names, addresses, phone numbers, and emails
- Masked Social Security numbers (last 4 digits)
- Masked bank account numbers and some identifiers
- Government ID images (e.g., driver's licenses, passports)
- Account balances and transaction history
- Limited internal documents and communications
- Coinbase Prime and wallet infrastructure (hot/cold wallets) were not impacted.
Coinbase also said it expects to incur costs of apprximately $180 million to $400 million in incident remediation and customer reimbursements.
You may also like
Diljit Dosanjh shares all the chaotic fun that when behind his Met Gala debut
Katie Price shares massive update on son Junior's relationship after first anniversary
Jose Mourinho plots shock move for struggling Man Utd star as offer details emerges
Marcus Rashford may have played last game for Aston Villa after Unai Emery admission
Eurovision fans predict which four acts will be eliminated in dramatic second semi-final
