Hackers infiltrated Nasdaq-listed cryptocurrency exchange Coinbase by paying off a small group of overseas support contractors, the company disclosed, leading to a breach that exposed sensitive customer data and triggered a $20 million extortion attempt.
According to a regulatory filing and accompanying blog post, the attackers stole information tied to fewer than 1% of Coinbase’s monthly active users.
The compromised data includes full names, phone numbers, partial social security numbers, masked bank account details, and images of government-issued IDs. The exchange said that passwords, private keys, and access to wallets were not taken.
The attack unfolded through an internal betrayal: cybercriminals allegedly offered bribes to outsourced support agents in exchange for access to the company’s customer service systems.
Once inside, the attackers gathered data that was later used to impersonate Coinbase in phishing and other social engineering attempts targeting customers.
Coinbase first detected the breach through its internal systems and fired the involved employees.
On May 11, the attackers escalated, sending an email to the company claiming they had the stolen information and demanding payment to keep it under wraps.
The exchange said it rejected the ransom and instead launched a $20 million reward fund to aid law enforcement efforts.
“We’re cooperating closely with law enforcement to pursue the harshest penalties possible,” the company wrote. “[We] will not pay the $20 million ransom demand we received.”
To reduce future risk, Coinbase is moving to open a U.S.-based support hub, adding new withdrawal safeguards, and increasing investment in insider threat detection. The company also pledged to reimburse affected users who were tricked into transferring funds as a result of the breach. The exchange estimated this could cost it $180 to $400 million, although it’s still assessing the extent of the damage.
The incident comes roughly one month after blockchain sleuth ZachXBT warned that some users on Coinbase were somehow getting hacked.
To Debut Regional Growth and Advanced Capabilities at GISEC Global 2026 Dubai, UAE, 2nd January…
DUBAI, United Arab Emirates, 2nd January 2026, ZEX PR WIRE, Securonix, a six-time Leader in the…
NYC, NY, 2nd January 2026, ZEX PR WIRE, Silent Breach, a global leader in offensive cybersecurity,…
Melbourne, Australia, 28th December 2025, ZEX PR WIRE, $LIVEBEAR, a community driven Solana based token…
MiCA and DAC8 Implementation Timeline Spain has aligned its crypto rules with EU frameworks. The…
Current Market Conditions Bitcoin traded around 87,500 to 88,200 on December 23, 2025, down about…