Coinbase has stated that hackers have bribed hired or employees outside the US to steal sensitive customer data and required $ 20 million in rescue at one of the most relevant security violations ever recorded on a crypto platform.
Largest Crypto Broker in the United States, Coinbase said it does not intend to pay the amount required and estimates that the incident could cost up to $ 400 million to be circumvented.
Criminals offered money to customer support agents to obtain information such as name, address, account data and official documents, according to a statement issued Thursday. The intention was to use the data to go through the company, deceive users and convince them to deliver their cryptors, as well as collecting their own coinbase to cover up the crime.
Less than 1% of the platform’s monthly asset users were affected, the company said. Coinbase said it has reinforced security controls for the impacted and will completely reimburse any lost value. The company is also offering a reward of $ 20 million for information leading to the arrest and conviction of those involved.
In a regulatory document also released on Thursday, Coinbase estimated costs between US $ 180 million and US $ 400 million with corrective measures and voluntary reimbursement to customers. The figure may change significantly, up or down, depending on the final calculation of losses, indemnity claims and eventual recoveries.
Attacks of this type are common in the crypto industry, which depends on anonymity of users and complex digital systems. By 2024, about $ 2.2 billion were lost in such incidents, according to Chainanysis. Crypto brokerages are among the main targets and face high costs to maintain security.
Continues after advertising
“Unfortunately, as our still incipient industry grows rapidly, it attracts the attention of increasingly sophisticated criminals, who use new artificial intelligence tools to circumvent fraud prevention mechanisms,” said Nick Jones, founder and CEO of Crypto Zumo technology platform. “It’s understanding a hard blow to a company that came from decisive weeks.”
The incident occurs on the eve of the inclusion of coinbase in the S&P 500 index, scheduled for next week. Entry into the index has become increasingly relevant, given the growing dominance of passive funds. Coinbase shares fell more than 5%, quoted at US $ 249.34 at 9:52 am in New York.
The attack involved social engineering – a tactic in which criminals explore people, not breaches in systems, to gain access to sensitive data. This approach has been increasingly common in crypto, as in the case of the $ 1.5 billion robbery by Broker Bybit in February.
Continues after advertising
According to the company, on May 11 a hacker sent an email saying he had obtained information from coinbase customer and internal documents. The invader demanded $ 20 million in Bitcoin so as not to publicize the leak, said CEO Brian Armstrong in a video published on social networks.
In previous months, the company had already detected cases where support agents accessed internal data without operational needs. Employees were immediately turned off, and affected customers were alerted. After the email of May 11, Coinbase concluded that all cases were part of an orchestrated campaign to steal data.
“These criminals have approached our support agents abroad, looking for a breach – someone willing to accept a bribe in exchange for customer information,” Armstrong said in the video. “Unfortunately, they found some rotten apples.”
Continues after advertising
©2025 Bloomberg L.P.
