Coinbase Rejects $20M Ransom, Pledges Same Bounty After Insider Leak Hits 1% of Users

Coinbase Data Breach Hack
Journalist
Journalist
Tanzeel Akhtar
About Author

Tanzeel Akhtar has been covering the cryptocurrency and blockchain sector since 2015. She has written for the Wall Street Journal, Bloomberg, CoinDesk, Bitcoin Magazine and Bitcoin.com.

Last updated: 
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

$20 million ransom demand flipped into a matching bounty when Coinbase disclosed this week that bribed overseas support staff leaked partial data on less than 1% of its users, reigniting fears of insider threats across crypto exchanges.

The crypto exchange says a group of rogue agents were bribed by cybercriminals to copy sensitive data, which was then used in a social engineering campaign to impersonate Coinbase and defraud users.

Although no customer funds, passwords, or private keys were accessed, the attackers obtained partial personal information, including names, contact details, masked Social Security and bank account numbers, and in some cases, images of government-issued IDs.

Coinbase emphasized that Coinbase Prime users were not impacted and that no direct access to hot or cold wallets was ever at risk.

“We’re committed to full transparency,” Coinbase said in a public statement, “and instead of giving in to the $20 million ransom demand, we’re establishing a $20 million reward fund to bring the criminals to justice.”

The Anatomy of the Attack

According to Coinbase, the breach occurred when criminals targeted overseas support agents and offered them financial incentives to participate in the scheme. A small number of insiders accepted the bribes and abused their privileged access to copy data stored in customer support tools.

The attackers then attempted to extort the company, threatening to release the stolen information unless Coinbase paid a $20 million ransom. The exchange declined the demand, opting instead to notify affected users and bolster its internal and external security infrastructure.

The stolen data included transaction histories, account balances, and some internal documentation accessible to support agents. However, the attackers did not obtain passwords, two-factor authentication codes, private keys, or access to any wallets, thus preventing direct theft of funds.

Coinbase’s Response and Customer Support

In response to the breach, Coinbase has pledged to reimburse retail customers who were tricked into sending funds to scammers through social engineering tactics.

These reimbursements will be made after a thorough review process. Affected accounts are now subject to increased withdrawal security protocols, including additional ID checks and scam-awareness prompts.

Coinbase said it is also taking steps to reinforce its global support operations. For example, a new customer support hub is being established in the United States, and enhanced insider-threat detection systems are being rolled out across all service locations.

The company has intensified internal simulations to stress-test its security infrastructure and isolate potential vulnerabilities.

All impacted users have received direct communication, and Coinbase is working closely with law enforcement agencies both in the U.S. and internationally. The rogue employees involved were immediately terminated and referred for criminal prosecution.

A Call for Accountability

Rather than succumbing to extortion, Coinbase said it is offering a $20 million reward for information that leads to the arrest and conviction of those responsible for the breach.

Anyone with credible information is encouraged to contact the company at [email protected]. In parallel, Coinbase and its partners have tagged crypto wallet addresses associated with the attackers to aid in asset recovery.

Coinbase is also reminding users to stay vigilant against scams and impersonators. Customers are urged to never share passwords or 2FA codes, and to lock their accounts immediately if something seems suspicious.

“Trust is foundational to crypto adoption,” Coinbase said in its closing statement. “We’re sorry for the concern this incident caused and remain committed to transparency and protecting our users at every step.”

Huge Blow for the Company

Commenting on the cyber attack on Coinbase, Nick Jones, founder and CEO at Zumo, said: “Unfortunately, as our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures.”

“This is understandably a huge blow for a company that has had a pivotal few weeks, announcing the acquisition of Deribit in the digital market’s largest deal to date, and then joining the S&P 500.”

“This attack underlines the critical importance of robust cybersecurity measures. The European Union (EU) introduced its Digital Operational Resilience Act (DORA) earlier this year with an emphasis on financial institutions ensuring the resilience of their supply chain, promoting better data hygiene, and sharing usable insights on attacks they have experienced to strengthen the industry’s perimeter. This seems particularly pertinent as it emerges that the hack occurred when attackers bribed overseas support staff,” Jones added.

Logo

Why Trust Cryptonews

2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors
editors
+ 66 More

Best Crypto ICOs

Discover trending tokens still in presale — early-stage picks with potential

Explore Our Tools

Smart tools made for everyday crypto users

Market Overview

  • 7d
  • 1m
  • 1y
Market Cap
$3,359,418,509,350
-0.35
Trending Crypto

More Articles

Bitcoin News
Coinbase Rejected Bitcoin Investment Strategy Over Fears It Could Undermine Business
Amin Ayan
Amin Ayan
2025-05-11 09:33:05
Blockchain News
Coinbase Alerts Market to Possible Crypto Winter Ahead
Shalini Nagarajan
Shalini Nagarajan
2025-04-16 06:18:35
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors