The KYC database of Coinbase, the largest U.S. digital asset exchange, has been breached, and as many as 1% of monthly active users, or around 100,000 customers, have had their personal data stolen.
Hackers reportedly bribed overseas customer support agents and contractors to leak internal company data and customer information. They then demanded $20 million and threatened to release the stolen data if Coinbase didn’t pay.
Instead of paying the ransom, Coinbase said no and is setting up a $20 million reward fund for anyone who can help catch the hackers.
“They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company said in a blog post. “Instead of paying the $20 million ransom, we’re establishing a $20 million reward fund.”
So what’s been stolen? The breach, which was first disclosed in a filing with the U.S. Securities and Exchange Commission (SEC), didn’t involve any theft of customer funds, login credentials, private keys or wallets.
But the hackers did get:
- Full names
- Addresses
- Phone numbers
- Email addresses
- Last four digits of Social Security numbers
- Bank account numbers and some bank identifiers
- Government ID images (driver’s licenses, passports, etc.)
- Account balances and transaction history
- Internal corporate documents and training materials
Coinbase says Prime accounts weren’t affected and no passwords or 2FA codes were stolen.
According to Coinbase, the attackers targeted outsourced support agents in countries like India. They were offering cash bribes in exchange for access to the company’s internal customer support tools.
“What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data,” said Philip Martin, Coinbase’s Chief Security Officer.
Coinbase said it first noticed suspicious activity in January 2025 but didn’t get a direct email from the threat actors until May 11. The email had proof of stolen data and the ransom demand.
Coinbase quickly launched an investigation, fired all the involved support agents and notified law enforcement. It also started notifying users via email on May 15.
The Coinbase data breach has hit it hard, financially and publicly. The company estimates it will spend $180-$400 million on security upgrades, reimbursements and other remediation.
Coinbase’s stock also took a hit, dropping 6.4% after the news broke, before rebounding.
Analysts say this couldn’t have come at a worse time, as Coinbase is about to be added to the S&P 500 index – a big deal for any publicly traded company.
It’s definitely unfortunate timing. “This may push the industry to adopt stricter employee vetting and introduce some reputational risks,” said Bo Pei, analyst at U.S. Tiger Securities.
Coinbase will reimburse any customers who were tricked into sending their digital assets to the attackers as part of social engineering scams. They’ve also launched new security measures:
- Additional ID verification for high-risk withdrawals
- Scam-awareness prompts
- A new U.S.-based support center
- Stronger insider threat monitoring
- Simulation testing for internal systems
Affected customers have already been notified and the exchange is working with U.S. and international law enforcement to track down the attackers.
This is part of a larger trend in the digital assets world. Earlier this year, Bybit, another exchange, was hit with a $1.5 billion theft, dubbed the biggest digital asset heist in history.
Research from Chainalysis shows over $2.2 billion was stolen from digital asset platforms in 2024 alone.