Coinbase Dangles $20M Bounty for Cyberattack Intel—Because Trusting Crypto Security Is a Full-Time Job
Coinbase just turned white-hat hacking into a lottery. The exchange is offering a staggering $20 million bounty for info on cyber attackers—proof even crypto giants sweat when the servers start blinking red.
Security or publicity stunt? The bounty dwarfs most bug-hunting payouts, suggesting either unprecedented threats or a very expensive PR move. Meanwhile, Wall Street snickers—traditional finance spends that much on a single compliance officer’s annual bonus.
One thing’s clear: in crypto, your private keys might be decentralized, but paranoia still runs on a corporate budget.
Coinbase issues $20 million bounty following breach of customer support
Coinbase opened a $20 million reward for anyone who can provide the identity of looters who attempted to extort the company over a portion of its user data.
The bad actors targeted the exchange’s customer support center by paying employees to provide them with user information. As a result, they managed to gather information belonging to less than 1% of Coinbase customers.
The attackers then contacted affected users, pretending to be from Coinbase support and tricked them into sending money through the exchange. Although several users fell victim to the fraudulent act, none of their accounts were hacked during the process.
"Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto," Coinbase noted in a blog post on Thursday.
The bad actors also sought a ransom of $20 million from Coinbase to conceal the identity of the customers, exchange materials and customer support information, which the exchange refused to pay.
As a response, Coinbase said it took legal action to expose the perpetrators and recover stolen funds. The exchange also stated that it WOULD refund affected customers as it is tracking the wallets holding the stolen cryptocurrencies.
"Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident," Coinbase wrote.
Coinbase shared in a filing with the US Securities and Exchange Commission (SEC) that it estimates expenses of approximately $180 million to $400 million due to the incident. Before accounting for potential losses, the funds will be used for remediation and voluntary customer reimbursements.
The recent development follows several hacker activities traced to Coinbase in recent months. Blockchain investigator ZachXBT reported that several Coinbase users were victims of a $45 million theft through social engineering scams earlier in May. The on-chain sleuth has reported three exploitation scams from the exchange in 2025, with "nine figures stolen" from users.
