Key Insights:
- Coinbase rejected a $20M ransom demand and offered a $20M bounty instead.
- Data breach affected less than 1% of Coinbase users, and no wallets were compromised.
- Bribed India-based agents leaked user data, fueling phishing scams.
Coinbase faces a cyberattack where the Criminals demanded a $20 million ransom after bribing overseas customer support agents to steal user data. In response, the leading crypto exchange rejected the demand and instead offered a $20 million reward to anyone who helps authorities arrest and convict the attackers.
The company confirmed that the stolen information affected fewer than 1% of its active monthly customers.
Coinbase Data Theft Linked to Rogue Support Agents
According to Coinbase, the attackers offered bribes to overseas customer support agents, who then provided access to sensitive information. These agents worked in India and were immediately terminated when the breach was discovered. The exchange stated that the stolen data included names, addresses, phone numbers, government ID images, and partial financial information.
However, the company clarified that the attackers did not gain access to passwords, 2FA codes, private keys, or wallets. Coinbase Prime accounts were also unaffected. The data breach enabled the criminals to launch targeted social engineering scams by impersonating Coinbase staff.
“The insiders abused their access to our internal support tools,” said Philip Martin, Chief Security Officer of the exchange. “They gave attackers data that was later used in phishing attempts.”
Social Engineering Used to Scam Customers
Using the stolen information, attackers contacted the exchange customers while pretending to be legitimate employees. The purpose was to trick users into transferring their cryptocurrency to the attackers’ wallets. The firm has not disclosed how many users were successfully scammed but stated that affected customers would receive full reimbursement.
The extortion attempt followed soon after the social engineering scams began. Criminals demanded $20 million in Bitcoin, threatening to leak the stolen data if their demand was not met. The leading exchange refused the ransom and instead decided to turn the situation around by offering the same amount as a bounty.
“The knee-jerk reaction of everyone at Coinbase was ‘hell no,’” said Martin. “We do not negotiate with criminals.”
Coinbase Strengthens Internal and External Defenses
To prevent similar breaches, the crypto exchange is making several internal changes. Coinbase is setting up a new customer support center in the U.S. while adding stronger security processes for risky activities. As part of this, users must confirm their identity for big withdrawals, and warnings about scams will be more frequent.
In addition, the exchange has strengthened its threat-finding systems and tested for these kinds of attacks internally to find any flaws. More monitoring will be applied to accounts that are flagged, and some users could wait longer before withdrawing money.
Those impacted by the breach received alerts from the firm, which says it will keep the public updated as it learns new information.
Coinbase In Talks With Law Enforcement and Industry Partners
Coinbase has reported the breach to U.S. and international law enforcement. The company is also working with blockchain analytics firms to trace any stolen funds and identify the digital wallets linked to the criminals. Those addresses have now been flagged to prevent further use on major exchanges.
The $20 million bounty will be paid to anyone who provides verified information that leads to the arrest and conviction of those responsible. Tipsters can contact the company through a dedicated security email, which has been shared in the company’s blog and official channels.
“We are doing everything we can to support the authorities and bring these criminals to justice,” said Martin.
Attempted Kidnapping in Paris Raises Security Concerns
In a separate incident amid rising crypto insecurities, French media reported an attempted kidnapping involving the family of a crypto exchange executive in Paris. According to France 24, four masked men tried to abduct a woman and her child in broad daylight. The attackers beat the woman’s partner during the attempt and tried to force her into a white van.
Authorities believe the motive may be connected to her relationship with a known figure in the crypto industry. The case is under investigation by local police. Surveillance footage has been collected, and the suspects remain at large. In addition, recently in a crypto event, some teens targeted an investor, leading to a heist of around $4M after kidnapping them at gunpoint .
These events have raised concerns over both digital and physical security for those involved in cryptocurrency, as criminals continue to target individuals and institutions.
