Coinbase Bleeds $400M in Security Breach—User Data Exposed in Latest Crypto Circus

Another day, another crypto exchange with a ’Fort Knox’ complex gets humbled. Coinbase joins the hall of shame after hackers siphoned $400M—because who needs auditors when you’ve got ’trustless’ systems?

Data breach details still emerging, but early reports suggest KYC info may be floating around the dark web. Class-action lawyers are already salivating.

Meanwhile, Bitcoin barely flinched—proving once again that in crypto, the house always wins. Even when it’s on fire.

In Brief

• Cybercriminals bribed foreign support agents to steal data from about 1% of active users, including names, addresses, identity documents, and crypto account balances.
• Coinbase refused to pay the demanded $20 million ransom and instead offers a reward of the same amount for any information leading to the criminals’ arrest.
• The incident could cost the platform between $180 and $400 million.

A Cyberattack Targets Coinbase and Threatens User Trust

On May 11, Coinbase received an anonymous email revealing a data leak and demanding a $20 million ransom in bitcoin. After investigation, the company discovered that cybercriminals had corrupted several foreign technical support agents, thereby creating a breach in their security system.

These dishonest employees extracted sensitive information concerning about 1% of the 10.8 million active users.

Among the compromised data are names, personal addresses, identity documents, partial bank details, and—more worryingly—the exact balances of the victims’ crypto accounts.

“Their goal was to compile a list of clients they could contact pretending to be Coinbase, thereby prompting people to hand over their cryptos to them,” the platform explained in an official statement.

A particularly formidable social engineering strategy amid a context where scams targeting crypto holders are multiplying.

In response, Coinbase immediately fired all involved employees and alerted U.S. authorities. CEO Brian Armstrong publicly refused to yield to the blackmail.

We will not pay your ransom… Instead, we offer a $20 million reward for any information leading to the arrest and conviction of these attackers.

Major Financial and Security Consequences

This cyberattack could cost Coinbase between $180 and $400 million, according to documents filed with the SEC. These expenses will cover repair costs and reimbursements to clients who lost funds.

The announcement also had an immediate impact on the stock price, which fell more than 4% to below $253 during the first hours of trading. This situation is all the more worrying as it occurs just as Coinbase prepares to join the S&P 500 index, a milestone for this company founded in 2012.

To reassure its users, Coinbase confirmed that two-factor authentication codes and private keys were not compromised, and that the company will reimburse all customers who lost funds due to this attack.

The company also put in place additional measures, such as relocating some support operations to the United States and strengthening internal access controls.

In sum, this attack highlights the persistent vulnerability of crypto exchange platforms against cyber threats. At a time when kidnappings and assaults targeting crypto holders are increasing, particularly in France, these data leaks represent a real danger to users who could be targeted by social engineering attacks or, worse, physical assaults.

Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.