Coinbase has revealed that a sophisticated insider bribery scheme led to the theft of sensitive customer data, potentially costing the crypto exchange between $180 million and $400 million in remediation and reimbursements. In an SEC filing, Coinbase disclosed that cybercriminals paid overseas employees and contractors to exploit their access to customer support systems, stealing personal details including names, addresses, masked Social Security numbers and bank account data, email addresses, government IDs, and account metadata. Importantly, passwords and private keys were not compromised.
The attack targeted a “small subset” of users, but the consequences could be vast. Criminals reportedly demanded a $20 million ransom in exchange for the data, but Coinbase refused to pay. Instead, the company has launched a $20 million reward fund for information that could lead to the identification and prosecution of those involved.
Coinbase has pledged to reimburse any customers who were defrauded as a result of the breach and is ramping up its security efforts. This includes working with law enforcement, enhancing verification checks for flagged accounts, and opening a new U.S.-based support center to improve oversight.
This incident underscores the increasing complexity of cyber threats, especially when insider access is involved, and the financial and reputational risks faced by major players in the crypto industry.