Coinbase (NASDAQ:COIN), the only publicly traded crypto exchange in the US, is reporting it was the target of a cyber attack that saw criminals attempt to extort $20 million from the firm to make it all go away.
According to a blog post, bad actors from outside the US bribed a “small group of insiders” to share data from their customer support tools. The crooks sought to leverage the info to scam people out of their crypto by presenting themselves as Coinbase, the company.
Coinbase stated that the attack accessed less than 1% of monthly transacting users. The information gleaned includes:
- Name, address, phone, and email
- Masked Social Security (last four digits only)
- Masked bank‑account numbers and some bank account identifiers
- Government‑ID images (e.g., driver’s license, passport)
- Account data (balance snapshots and transaction history)
- Limited corporate data (including documents, training material, and communications available to support agents)
Apparently, no login credentials were compromised.
Coinbase outlined its moves following the hack, setting up a $20 million reward fund for information that uncovers the offenders. The company added that it would work with global enforcement agencies to pursue the criminals and said insiders identified as complicit were fired immediately. Coinbase will also pursue criminal charges against the offenders.
Coinbase stated that it will voluntarily reimburse retail customers who may have mistakenly sent funds to the scammers as a direct result of the incident before the date of the post, following a review to confirm the facts.
Nick Jones, Founder and CEO of Zumo, commented on the embarrassing event, stating that as the industry grows, it will continue to draw the attention of bad actors who are increasingly becoming more sophisticated in their attacks—sometimes by utilizing AI.
“This is understandably a huge blow for a company that has had a pivotal few weeks, announcing the acquisition of Deribit in the digital market’s largest deal to date, and then joining the S&P 500,” said Jones. “This attack underlines the critical importance of robust cybersecurity measures. The European Union (EU) introduced its Digital Operational Resilience Act (DORA) earlier this year with an emphasis on financial institutions ensuring the resilience of their supply chain, promoting better data hygiene, and sharing usable insights on attacks they have experienced to strengthen the industry’s perimeter. This seems particularly pertinent as it emerges that the hack occurred when attackers bribed overseas support staff.”
Shares of Coinbase are down by over 4% in early market trading on an overall down day.