Coinbase Acknowledges Data Breach as Cybercriminals Request $20 Million Ransom

Uncategorized Mihnea


The foremost cryptocurrency trading platform in the United States, Coinbase, has confirmed that it was subjected to a cyberattack.

In an official blog entry published on Thursday, Coinbase disclosed that unauthorized individuals had infiltrated its systems, gaining access to internal corporate documents and sensitive customer data. The company was informed of the breach on May 11 when it received an email from the assailants.

As per Coinbase, the hackers demanded a ransom of $20 million in return for not publicly disclosing the stolen data. However, the company has chosen not to comply with the ransom demand. Instead, it announced the establishment of a $20 million reward fund for anyone who can provide information that leads to the identification, capture, and prosecution of those accountable. Coinbase also indicated that it is collaborating closely with law enforcement agencies during the ongoing investigation.

Information about the breach was first disclosed through a mandatory submission to the U.S. Securities and Exchange Commission (SEC).

Coinbase suspects that the attack was enabled by a group of foreign contractors and support representatives who were enlisted by the cybercriminals. The company identified that certain authorized personnel were accessing data without a valid business justification. Those implicated were promptly dismissed, and impacted customers were informed.

The company estimates that fewer than 1% of its monthly active users were affected. According to previous filings, this corresponds to around 100,000 users.

While Coinbase confirmed that no login credentials, private keys, cryptocurrency wallets, or exchange funds were compromised, the attackers did acquire a substantial amount of personal information. This includes users’ names, addresses, phone numbers, email addresses, masked bank account numbers, government-issued ID images (such as driver’s licenses and passports), and the last four digits of Social Security numbers. Furthermore, the hackers accessed account-related information such as balance snapshots and transaction histories.

On the corporate front, the attackers accessed limited internal data, including training resources, support communications, and other internal documents.

In a video message shared on social media, Coinbase CEO Brian Armstrong detailed the company’s response and future strategies to avert similar occurrences. Actions include revamping the customer support framework and relocating support operations. Armstrong also assured users that Coinbase will compensate any customers who were victims of social engineering scams resulting from the breach and experienced financial losses.

The company highlighted its dedication to transparency and user protection as it continues to deal with the aftereffects of the cyberattack.