Coinbase Hacked, Attackers Bribed Company’s Employees for Customer Data

In 2024, Coinbase was the most impersonated cryptocurrency brand by scammers.

Coinbase, the world’s third-largest cryptocurrency exchange, was hit by a $20 million extortion attempt after cybercriminals recruited “multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access” and to leak user data, the company said, according to Cointelegraph.

(ZH) – According to a May 15 blog post and an 8-K filing with the SEC, Coinbase said a group of external actors bribed and coordinated with several customer support contractors to access internal systems and steal limited user account data.

“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase said. In an email to clients, the exchange said that the leaked information “did not include your password, seed phrase, private keys, or any other information that would allow someone to directly access your account or your funds and Coinbase Prime was untouched”; but the hack could have included information like:

  • Personal identifiers (e.g., name, date of birth, masked social security numbers (last 4 digits), masked bank account numbers and some bank account identifiers, address, phone number, email address)
  • Images of Government identification information (e.g., driver’s license number, passport number, national identity card number)
  • Account information (e.g., transaction history, balance, transfers, date you opened your account)

Less than 1% of Coinbase’s monthly transacting users’ data was affected by the attack, the company said.

After stealing the data, the attackers attempted to extort $20 million worth of Bitcoin from Coinbase in exchange for not disclosing the breach. Coinbase refused the demand. Instead, the company offered a $20 million reward for information leading to the arrest and conviction of those responsible for the scheme.

Coinbase said it will reimburse users who were tricked into sending cryptocurrency to phishing scammers, with expected remediation and reimbursement expenses ranging from $180 million to $400 million.

The crypto exchange disclosed the estimate in an 8-K filing with the US Securities and Exchange Commission on May 15, noting the expenses relate to “voluntary customer reimbursements” and other remediation efforts.

The attackers had been approaching the exchange’s overseas customer support agents for months, aiming to “bribe” them in exchange for customer information, Coinbase co-founder and CEO Brian Armstrong said in a May 15 X post.

The exchange said that following the attack it would strengthen its internal data management processes and relocate some of its customer support operations to avoid similar incidents.

Social engineering schemes are a growing concern for Coinbase users. Blockchain security analyst ZachXBT estimated that users lost around $45 million to phishing schemes in the week leading up to May 7.

The blockchain security analyst previously claimed that social engineering scams cost Coinbase users over $300 million annually, Cointelegraph reported on Feb. 4.
