Hackers bribed Coinbase support agents to steal customer data.
The breach may cost Coinbase up to $400 million in remediation and reimbursements.
Sensitive data including names, addresses, masked bank account numbers, and the last four digits of Social Security numbers were compromised.
Coinbase is offering a $20 million reward for information leading to the arrest and conviction of the criminals.
The company detected the breach independently, terminated the involved employees, and warned affected customers.
Why this matters: This breach underscores the vulnerability of cryptocurrency exchanges to insider threats and the potential for significant financial and reputational damage. It also highlights the importance of robust security measures and employee vetting processes in the crypto industry.
Coinbase reported that cybercriminals bribed overseas support agents to steal customer data for social engineering attacks. The attackers gained access to sensitive information, including names, addresses, phone numbers, emails, masked bank account numbers, the last four digits of Social Security numbers, government ID images, and account balances. Although passwords and private keys were not compromised, the breach led to the potential loss of funds as customers were tricked into sending money to the attackers.
Coinbase detected the breach, terminated the employees involved, warned affected customers, and enhanced its fraud monitoring protections. The company is cooperating with law enforcement and has refused to pay the $20 million ransom demanded by the hackers, instead establishing a $20 million reward fund for information leading to their arrest.
This incident occurred shortly before Coinbase was set to join the S&P 500 index, a significant milestone for the company. The breach highlights the increasing sophistication of cyberattacks targeting the cryptocurrency industry, as evidenced by a Chainanalysis report indicating that $2.2 billion was stolen from crypto businesses in 2024. This event demonstrates the critical need for cryptocurrency firms to prioritize security and protect customer data.
Q: What data was compromised in the Coinbase breach?
Sensitive data including names, addresses, phone numbers, emails, masked bank account numbers, the last four digits of Social Security numbers, government ID images, and account balances were compromised.
Q: How much money could this breach cost Coinbase?
Coinbase estimates the breach could cost between $180 million and $400 million in remediation costs and customer reimbursements.
Q: What is Coinbase doing in response to the breach?
Coinbase terminated the employees involved, warned affected customers, enhanced fraud monitoring, is cooperating with law enforcement, and is offering a $20 million reward for information leading to the arrest of the criminals.
Be vigilant about potential scams and social engineering attempts.
Never share your password, 2FA codes, or transfer assets to unverified addresses.
If you are a Coinbase customer, monitor your account for any suspicious activity.
The cryptocurrency industry is increasingly targeted by cybercriminals, so stay informed about security best practices.
Coinbase will reimburse customers who were tricked into sending funds to the attackers.
Do you think this incident will impact the future of cryptocurrency security? Let us know in the comments!
Share this article with others who need to stay ahead of this trend!
South Korea's e-commerce giant Coupang has been hit with a record-breaking fine exceeding $400 million (£299 million) by the Personal Infor...
Recent actions and statements from Iran have highlighted the vulnerability of undersea internet cables, particularly in the Strait of Hormuz...
The increasing reliance on data centers in the Middle East by U.S. tech companies has inadvertently exposed their infrastructure to regional...
In 2026, cybersecurity regulations are tightening worldwide, compelling organizations to enhance their defense strategies and incident respo...
⚠ Disclaimer: Yanuki provides article summaries and links for reference only. Yanuki does not endorse, verify, or guarantee the accuracy of third-party sources. Please review original sources and verify information independently. Managed by the Yanuki Data Engine. Full Disclaimer