Coinbase , the largest US crypto exchange, has said that it has been hit by a cyber attack that breached account data of a “small subset” of its customers. The company has also confirmed that a group of rogue overseas customer support agents, bribed by hackers, were involved in a targeted data breach aimed at extorting the company and deceiving customers.
According to a video posted by company co-founder and CEO Brian Armstrong, the attackers demanded a $20 million ransom, which Coinbase has refused to pay. Instead, the company is offering a $20 million reward for information leading to the arrest and conviction of those responsible.
Coinbase says support agents helped hackers
According to Coinbase, hackers paid off a small group of outsourced support agents to access and steal data from internal customer support systems. The breach affected less than 1% of monthly transacting users, it added.
Coinbase says that while no login credentials, 2FA codes, private keys, or customer funds were compromised directly, some customers were misled into voluntarily sending crypto to attackers. The CEO has warned that the attackers may use the stolen data in an attempt to carry out social engineering attacks, impersonating Coinbase to trick users into transferring funds.
What data hackers have stolen
The affected data includes
Coinbase also said it expects to incur costs of apprximately $180 million to $400 million in incident remediation and customer reimbursements.
According to a video posted by company co-founder and CEO Brian Armstrong, the attackers demanded a $20 million ransom, which Coinbase has refused to pay. Instead, the company is offering a $20 million reward for information leading to the arrest and conviction of those responsible.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
Coinbase says support agents helped hackers
According to Coinbase, hackers paid off a small group of outsourced support agents to access and steal data from internal customer support systems. The breach affected less than 1% of monthly transacting users, it added.
Coinbase says that while no login credentials, 2FA codes, private keys, or customer funds were compromised directly, some customers were misled into voluntarily sending crypto to attackers. The CEO has warned that the attackers may use the stolen data in an attempt to carry out social engineering attacks, impersonating Coinbase to trick users into transferring funds.
What data hackers have stolen
The affected data includes
- Names, addresses, phone numbers, and emails
- Masked Social Security numbers (last 4 digits)
- Masked bank account numbers and some identifiers
- Government ID images (e.g., driver's licenses, passports)
- Account balances and transaction history
- Limited internal documents and communications
- Coinbase Prime and wallet infrastructure (hot/cold wallets) were not impacted.
Coinbase also said it expects to incur costs of apprximately $180 million to $400 million in incident remediation and customer reimbursements.
You may also like
VP Dhankhar inaugurates Bhairon Singh Shekhawat Memorial Library in Jaipur
Lewis Hamilton admits 'I was scared' as harsh Ferrari reality blind-sided him
Dame Esther Rantzen's daughter says 'please give mum peace of mind' on assisted dying
VP Dhankar lauds armed forces for Op Sindoor, says "entire world witnessed strength of India"
Lost in Random: The Eternal Die is the sort of satisfying roguelike spin I didn't know I wanted
