Coinbase Hit by $20 Million Extortion Plot After Insider Data Leak

According to the company, several overseas support contractors were bribed by outsiders to leak limited customer data.

In a blog post published on May 15, Coinbase explained that the attackers convinced a few support agents to misuse their access and retrieve information from a small number of user accounts.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Algorand? ALGO Coin Explained With Animations

SUBSCRIBE

ON YOUTUBE

No login credentials, private keys, funds, or Prime accounts were exposed. The company said that less than 1% of active monthly users were affected.

After collecting the stolen data, the group demanded $20 million worth of Bitcoin BTC $103,399.20 to keep the breach private. However, Coinbase offered a $20 million reward for information that could help identify and convict the individuals involved.

Coinbase said it plans to refund those users, and estimated that the total cost of reimbursements and other related actions could reach between $180 million and $400 million. The financial estimate was shared in a filing with the US Securities and Exchange Commission (SEC), where Coinbase described the costs as part of a "voluntary reimbursement" effort.

Coinbase CEO Brian Armstrong stated in a post on X that the attackers had been contacting support staff abroad for several months by offering money in exchange for customer data.

In response, Coinbase plans to improve how it handles customer data and move parts of its support operations to new locations.

On May 13, ZKsync and its development team, Matter Labs, experienced a security incident. How did it happen? Read the full story.