Coinbase has publicly outlined a recent extortion attempt that targeted its support operations and customer data.
The company CEO, Brian Armstrong, says a small group of overseas customer service agents were approached by criminals who offered cash to copy user information.
The attackers hoped to use those details to trick customers into transferring their crypto and then demand a $20 million payoff to stay silent. Coinbase refused to negotiate.
Data Breach Details
According to the blog post, the insiders stole personal information for under 1% of Coinbase’s active users. The stolen data included names, addresses, phone numbers, email addresses, and partial Social Security numbers.
Some bank account details and government-issued ID images were also taken. Attackers gained snapshots of balances and transaction histories, along with select internal documents used by support staff.
What remained safe were login passwords, two-factor codes, private keys, and any access to customer or corporate wallets.
Immediate Response
Coinbase moved quickly once the breach came to light. The company says it investigated the incident and tightened its controls. Customers who fell victim to related scams will be fully reimbursed.
Impacted accounts now face extra checks for large withdrawals, and users will see clear warnings about potential fraud on their dashboards. These steps aim to make sure no one loses funds because of this attack.
Strengthening Security
To block future insider threats, Coinbase plans to open a new support centre in the United States. All existing hubs will see stronger monitoring and stricter access rules.
The company is boosting its investments in threat detection tools and running simulated attacks on its own systems. By stress-testing every part of its infrastructure, Coinbase hopes to find and fix any weak spots before real hackers do.
Holding Criminals Accountable
Rather than pay the $20 million extortion fee, Coinbase is offering a reward of equal size for information that leads to arrests and convictions. The company has labelled the attackers’ addresses to help trace stolen funds through industry partnerships.
Those found to be involved have been immediately fired and referred to law enforcement agencies worldwide. Coinbase has pledged to press charges wherever possible.
Industry Warnings
In light of this incident, Coinbase reminded users to stay vigilant. The exchange will never ask for passwords, two-factor codes, or seed phrases over the phone or email.
Customers should ignore messages that urge them to move assets to new addresses or call unknown numbers. The notice follows recent alerts from Binance’s CEO about increasingly clever phishing scams aimed at crypto holders.
Financial Impact
Coinbase now expects to spend between $180 million and $400 million covering costs tied to this security breach.
Those amounts include reimbursements to defrauded customers and extra investment in safety measures. While large, the company says the price is worth paying to maintain trust and protect its user base.
As Coinbase rolls out these changes, its teams will closely monitor for any new threats. The company plans regular updates on the investigation’s progress.
Also Read: Coinbase CEO Plans Continued M&A Expansion, Backed By Nearly $10B Resources