Coinbase Data Leak: Company’s big decision after cyber attack – no ransom, 20 million dollar reward fund
Crypto trading platform Coinbase has revealed a major cyber attack and extortion attempt. According to the company, some overseas customer support agents colluded with cyber criminals to steal data of some of the company’s customers. Behind all this was a dangerous game of social engineering, in which hackers cheated people by posing as Coinbase.
But the biggest thing is that Coinbase refused to pay the ransom and instead announced a reward fund of 20 million dollars – this bounty has been kept for anyone who helps in the arrest and conviction of these cyber criminals.
What happened?
Coinbase said in its official statement that some cyber criminals bribed its overseas customer support agents. Those agents misused their position and stole data of a small portion—about 1%—of monthly transacting users from customer support tools.
After misusing this data, the attackers contacted customers, and tried to steal their crypto assets by posing as Coinbase representatives. When the attackers demanded a ransom of $20 million from Coinbase to hide this matter, the company flatly accepted it. In return, Coinbase has announced a reward of $20 million for those who provide information about the criminals.
What did the attackers get?
Attackers stole some personal and account-related information, such as:
Name, address, phone number, and email
Masked Social Security Number (only last 4 digits)
Masked bank account numbers and some bank identifiers
Government ID images (such as passport or driver’s license)
Account balance snapshots and transaction history
Limited corporate data, such as training materials and communications
What was not found?
It is important that the attackers did not get access to some critical and sensitive data:
Login credentials or 2FA codes
Private keys
Access to any customer funds
Coinbase Prime accounts
Coinbase’s hot or cold wallets
That is, the customer’s crypto funds are safe.
What did Coinbase do?
- Impacted Users Notified:
Those whose data was accessed were emailed on May 15 at 7:20 a.m. ET from no-reply@info.coinbase.com. - Reimbursement for Affected Customers:
Coinbase will fully refund those who lost money in social engineering attacks. - Extra Safeguards:
Now flagged accounts will undergo extra ID checks for large withdrawals, and scam-awareness prompts will be mandatory. - New US-Based Support Hub:
The company has decided to open a new support hub in the U.S. where security and monitoring will be even stronger. - Insider Threat Detection:
Now more investment has been made on insider threat detection and automated responses. Simulations are also being run to identify potential threats in internal systems. - Transparency:
The company has said that they will keep updating the community as the investigation progresses.
Action against criminals
- $20 million reward fund:
Instead of giving ransom amount, Coinbase has announced the same amount as a reward. Anyone who helps in the arrest and conviction of the attacker will get this reward. To send tips, people can email security@coinbase.com with the subject line “[BOUNTY]”. - Crypto Address Tagging:
The crypto addresses of the attackers have been tagged on the blockchain, which will help in tracing the funds. - Legal Action:
The support agents who were involved in this were immediately fired and their case was handed over to U.S. and international law enforcement. Coinbase has said that it will press criminal charges against them.
Coinbase’s Commitment
The company said, “Security and transparency are our core values. We will not bow to extortionists. We have strengthened our systems, are reimbursing affected customers, and are working with the entire system to bring criminals to justice.”
This incident is a wake-up call for the crypto industry—where trust and security are of paramount importance. Coinbase’s tough stance is an example of how integrity is not compromised even in the face of cyber threats.
If you think you may have been affected by this attack, check your email inbox or contact Coinbase support.