On May 15, Coinbase revealed that a group of overseas customer support agents were targeted in a bribery scheme that led to a data breach affecting a small fraction of its user base. The company declined a $20 million extortion demand from the attackers and is cooperating with U.S. and international law enforcement.
According to Coinbase, the incident involved a small number of third-party support personnel who were offered cash in exchange for copying data from internal systems. The breach affected less than 1% of Coinbase’s monthly transacting users, with attackers gaining access to sensitive personal information, including names, contact details, masked Social Security numbers, partial bank information, government-issued ID images, and account data.
Company Response and User Impact
Coinbase said it will reimburse customers who lost funds due to social engineering tactics that followed the breach. Affected individuals were notified via email at 7:20 a.m. ET on May 15. While no login credentials, 2FA codes, private keys, or customer wallets were compromised, the company acknowledged the seriousness of the incident.
In response, Coinbase has imposed additional identity verification steps for flagged accounts, particularly for large withdrawals. Users may experience transaction delays as part of heightened fraud monitoring.
The company is also establishing a new support centre in the United States and enhancing internal monitoring and controls at all support locations. Measures include insider threat detection and system stress testing to identify vulnerabilities.
Reward Fund and Law Enforcement Involvement
Rather than meet the attackers’ demand, Coinbase is offering a $20 million reward for information leading to the arrest and conviction of those responsible. It has also worked with blockchain analysis partners to tag crypto addresses linked to the attackers, enabling law enforcement to trace any stolen assets.
Employees implicated in the scheme were terminated and referred to the appropriate authorities. Coinbase said it will pursue criminal charges against those involved. The company emphasised its intent to remain transparent as the investigation unfolded and encouraged individuals with relevant information to contact its security team directly.
