Coinbase, the world’s third-largest cryptocurrency exchange, was hit by a $20 million extortion attempt after cybercriminals recruited “multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access”, and to leak user data, the company said according to CoinTelegraph.
According to a May 15 blog post and an 8K filing with the SEC, Coinbase said a group of external actors bribed and coordinated with several customer support contractors to access internal systems and steal limited user account data.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase said. In an email to clients, the exchange said that the leaked information “did not include your password, seed phrase, private keys, or any other information that would allow someone to directly access your account or your funds and Coinbase Prime was untouched”; but the hack could have included information like:
- Personal identifiers (e.g., name, date of birth, masked social security numbers (last 4 digits), masked bank account numbers and some bank account identifiers, address, phone number, email address)
- Images of Government identification information (e.g., driver’s license number, passport number, national identity card number)
- Account information (e.g., transaction history, balance, transfers, date you opened your account)
Less than 1% of Coinbase’s monthly transacting users’ data was affected by the attack, the company said.
After stealing the data, the attackers attempted to extort $20 million worth of Bitcoin from Coinbase in exchange for not disclosing the breach. Coinbase refused the demand. Instead, the company offered a $20 million reward for information leading to the arrest and conviction of those responsible for the scheme.
In 2024, Coinbase was the most impersonated cryptocurrency brand by scammers.
Coinbase said it will reimburse users who were tricked into sending cryptocurrency to phishing scammers, with expected remediation and reimbursement expenses ranging from $180 million to $400 million.
The crypto exchange disclosed the estimate in an 8-K filing with the US Securities and Exchange Commission on May 15, noting the expenses relate to “voluntary customer reimbursements” and other remediation efforts.
The attackers have been approaching the exchange’s overseas customer support agents for months, aiming to “bribe” them in exchange for customer information, said Coinbase co-founder and CEO Brian Armstrong in a May 15 X post.
The exchange said that following the attack it would strengthen its internal data management processes and relocate some of its customer support operations to avoid similar incidents.
Social engineering schemes are a growing concern for Coinbase users. Blockchain security analyst ZachXBT estimated that users lost around $45 million to phishing schemes in the week leading up to May 7.
The blockchain security analyst previously claimed that social engineering scams cost Coinbase users over $300 million annually, Cointelegraph reported on Feb. 4.