news.bitcoin.com
Coinbase suffered a data breach after bribed overseas support agents enabled access to sensitive user data. A $20 million reward fund has been set up to aid the investigation.
Hackers Bribe Support Staff to Steal Coinbase User Data in Stealth Attack
Crypto exchange Coinbase (Nasdaq: COIN) disclosed on May 15 that a group of bribed overseas support agents helped cybercriminals steal user data in a coordinated extortion attempt. The attackers targeted internal customer support systems and accessed personal information belonging to fewer than 1% of monthly transacting users.
Coinbase confirmed that login credentials, private keys, and customer funds were not compromised. “Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company stated, emphasizing:
No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker.
According to the crypto exchange, the compromised data included names, addresses, phone numbers, and email addresses. In addition, the attackers obtained masked social security numbers (limited to the last four digits), partially redacted bank account information, government-issued ID images such as driver’s licenses and passports, and account-specific data including transaction history and balance snapshots. Limited internal corporate information—like training materials, documents, and communications visible to support agents—was also accessed. However, Coinbase clarified that the attackers did not obtain login credentials, two-factor authentication codes, or access to any hot or cold wallets, including Coinbase Prime accounts.
Coinbase stated that after the attack, the perpetrators attempted to extort the company for $20 million to suppress information about the incident. The exchange disclosed:
They then tried to extort Coinbase for $20 million to cover this up. We said no.
“Instead of paying the $20 million ransom, we’re establishing a $20 million reward fund for information leading to the arrest and conviction of the attackers,” the exchange added.
In parallel, Coinbase is reimbursing affected users and implementing stronger protective measures. These include new ID checks on large withdrawals, a U.S.-based support center, upgraded security controls, insider-threat monitoring, and simulation testing for internal threats. Notifications have already been sent to affected users, and Coinbase affirmed its commitment to keeping the community informed throughout the investigation. A formal disclosure was filed with the U.S. Securities and Exchange Commission the same day.