On May 11, 2025, Coinbase, the largest U.S.-based cryptocurrency exchange, revealed a $20M extortion attempt by cybercriminals who bribed overseas customer support staff to leak sensitive user data. As of May 16, 2025, the situation remains dynamic, with Coinbase taking decisive action to mitigate the breach, which affected less than 1% of its monthly active users (approximately 97,000 accounts).
No funds, passwords, or private keys were compromised, and Coinbase has refused to pay the ransom, opting instead for transparency and a robust response.
Coinbase Faces $20M Extortion Attempt – Key Developments
The breach involved a small group of customer support employees, primarily in India, who were bribed to access Coinbase’s internal systems.
The stolen data was used to launch phishing attacks, impersonating Coinbase staff to trick users into transferring crypto assets. Here’s a breakdown of the latest updates:
- Data Compromised: Names, addresses, phone numbers, emails, encrypted bank account details, the last four digits of Social Security numbers, identity documents, transaction histories, account balances, and internal training materials.
- Financial Impact: Coinbase estimates remediation costs, including user compensation and security upgrades, at $180–400 million. The company’s stock dropped 7.2% on May 15 following the disclosure and news of a separate SEC investigation into user verification data from 2021.
- Coinbase’s Response: The exchange fired implicated employees, notified affected users by May 15, and is collaborating with U.S. and international law enforcement. A $20 million bounty is offered for information leading to the culprits’ arrest (contact: security@coinbase.com, subject “[BOUNTY]”).
- Security Enhancements: Coinbase is opening a U.S.-based customer support center, implementing real-time access controls, and urging users to enable two-factor authentication (2FA) and withdrawal allow-listing.
Ongoing Efforts and User Recommendations
Coinbase’s refusal to pay the ransom and its $20 million bounty have been praised as bold moves, though concerns linger about future vulnerabilities. The SEC’s unrelated probe into Coinbase’s user data reporting adds pressure.
Users should check their inboxes for Coinbase's notification email from no-reply@info.coinbase.com, activate 2FA, and stay vigilant against phishing attempts. As Coinbase strengthens its defenses, this incident underscores the growing sophistication of cyber threats in the crypto industry.