Coinbase Tells Hackers to Pound Sand After $20M Ransom Demand Over Insider Data Theft
Coinbase just schooled cybercriminals on how to handle extortion—by slamming the vault shut. The exchange confirmed rogue employees stole sensitive data, but refused to pay the $20M ransom demand in classic crypto ’talk-to-the-hand’ fashion.
Insiders Gone Rogue
The breach exposes the Achilles’ heel of even the most compliant exchanges: human risk. Despite military-grade encryption, all it took was a few bad actors with access to turn ’trustless’ systems into leaky sieves.
The New Playbook
By publicly rejecting negotiations, Coinbase sets a precedent that could reshape crypto crisis response—no more quietly paying off threats like traditional banks. Of course, this being crypto, the stolen data’s already doing laps on dark web forums (some things never change).
One thing’s clear: in the Wild West of digital assets, even the sheriffs have to watch their deputies.
Coinbase Attackers Demanded $20 Million Ransom
The attackers demanded a $20 million payment to keep the incident quiet. However, Coinbase said that it refused and redirected the sum into a $20 million reward fund for information leading to their arrest and conviction.
“We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” Coinbase said.
Stolen records include names, addresses, phone numbers, masked Social Security digits, partial bank details, and account snapshots.
“Their [attackers] aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto,” the exchange added.
The company vowed to make victims “whole” if follow-up social-engineering scams lured them. New withdrawal friction, extra ID checks, and real-time scam prompts are already live on flagged accounts.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025Preventive measures include a new US support hub, stronger insider-threat detection, and nonstop red-team simulations. Coinbase has referred the fired insiders to the US and international law enforcement agencies. The exchange will also be working with blockchain analytics firms to tag the attackers’ addresses and freeze stolen funds.
The news comes just days after Curve Finance warned users that its website may have been hijacked in an attack.
