Cyber actors obtained customer data by bribing Coinbase personnel
Cryptocurrency firm Coinbase has disclosed an attempted extortion by cybercriminals who obtained information about certain users through bribed overseas staff.
The firm said on Thursday that it received an email communication from an unknown threat actor claiming to have obtained information about certain customer accounts.
The communication demanded a $20 million ransom in exchange for not publicly disclosing the information.
"We said no," Coinbase said in a blog post.
According to the firm, the compromised information included:
"No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched," the company said.
Coinbase disclosed in a Securities and Exchange Commission filing that the cyber actors obtained its users' information by bribing multiple contractors or employees who were working in support roles outside the United States.
These people had access to internal Coinbase systems as part of their job responsibilities.
According to Coinbase, its security monitoring had detected these personnel's access in the previous months.
"Insiders were fired on the spot and referred to U.S. and international law enforcement. We will press criminal charges," Coinbase said.
Instead of paying the $20-million ransom, Coinbase said it is establishing a $20-million reward fund for information leading to the arrest and conviction of the attackers.
Coinbase also volunteered to reimburse any retail customers who may have sent funds to the threat actors as a result of the incident.
"To the customers affected, we're sorry for the worry and inconvenience this incident caused," it said.
The company added that it is now working with law enforcement on the investigation of the case. It is also reviewing and boosting its anti-fraud protections and is now opening a new support hub in the US to prevent similar incidents in the future.
It estimates that the incident will cost the company between $180 million and $400 million, based on remediation costs and voluntary customer reimbursements.
"The Company plans to aggressively pursue all remedies. As the Company's investigation is ongoing, the full impact of these events are not yet known," it said.