Insider Bribes Behind Coinbase Hack Exposing Customer Data

Crypto exchange giant Coinbase is reeling from a cyberattack that exposed sensitive customer data, prompted a $20 million extortion attempt, and could cost the company up to $400 million in remediation. The breach, disclosed this week via Coinbase’s official blog and a filing with U.S. regulators, is the latest and most damaging in a series of escalating threats facing crypto platforms.

According to TechCrunch, the attack stemmed from a coordinated scheme in which hackers bribed overseas support agents to extract data from Coinbase’s internal systems. The attackers were able to exfiltrate names, addresses, partial Social Security numbers, masked banking details, government-issued ID images, and transaction histories for less than 1% of the company’s 9.7 million monthly users. Coinbase emphasized that no funds, private keys, or login credentials were compromised but acknowledged that the attackers attempted to use the data for social engineering.

“The criminals had gained access to less than 1% of its customer data, which they then used to impersonate the firm and trick people into handing over their crypto,” BBC reported, adding that Coinbase’s refusal to pay the $20 million ransom coincided with a sharp 4.1% dip in its share price.

In response, the company launched a $20 million bounty fund for information leading to the perpetrators’ arrest. “Instead of funding criminal activity, we’re reinforcing our controls and reimbursing victims,” Coinbase said, pledging to work with law enforcement and strengthen defenses, including a new U.S.-based support hub.

This breach echoes patterns we reported earlier this year, when a phishing campaign targeted Coinbase users through compromised wallet recovery phrases. That scheme also exploited trust in Coinbase’s infrastructure to steal funds.

Coinbase’s SEC filing, though briefly inaccessible during the initial disclosure, estimates total remediation and reimbursement costs between $180 million and $400 million. All affected users were notified on May 15, and the company has since implemented stricter ID checks and withdrawal restrictions on flagged accounts.

A Coinbase spokesperson told TechCrunch that the implicated support agents were immediately terminated and referred to authorities. “We’re cooperating closely with law enforcement to pursue the harshest penalties possible,” the company reiterated, both in public statements and regulatory filings.