Hackers exploit bribed agents in international scam targeting crypto exchange customers
Coinbase, the largest cryptocurrency exchange in the United States, has revealed that cyber criminals gained unauthorised access to customer data through a bribery scheme involving overseas customer service agents. The attackers are now demanding a $20 million (€17.6 million) ransom to prevent the release of the stolen data.
In a statement posted Thursday on social media, Coinbase CEO Brian Armstrong said the breach involved sensitive personal information, including customer names, birth dates, and partial national identification numbers. According to Armstrong, the attackers bribed some customer service representatives based outside the US to obtain the data.
The stolen information, Armstrong warned, is being used in sophisticated social engineering schemes. “The stolen data allows them to conduct social engineering attacks where they can call our customers impersonating Coinbase customer support and try to trick them into sending their funds to the attackers,” he said.
Coinbase did not disclose the number of affected users, nor did it confirm how many were successfully defrauded through these tactics. However, the company pledged to reimburse any customers who suffered financial losses due to the incident.
In a filing with the US Securities and Exchange Commission (SEC), Coinbase estimated it could incur costs ranging between $180 million and $400 million (€158 million to €352 million) for remediation efforts and customer reimbursements. The filing also revealed that the company identified internal employees accessing customer data “without business need.” Those employees have since been dismissed, the company confirmed.
“We have taken swift action,” the company said in a statement, noting that new fraud prevention measures have been implemented in response to the breach.
Coinbase reported receiving a ransom email from the attackers on Sunday, in which the perpetrators demanded $20 million in bitcoin to keep the stolen customer data private. Rather than comply, Armstrong announced that Coinbase is offering a $20 million (€17.6 million) bounty to anyone who can help identify and apprehend those responsible.
“For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice,” Armstrong stated. “And know you have my answer.”
The breach underscores the vulnerability of global crypto platforms to insider threats and highlights the growing threat posed by social engineering—a technique that continues to exploit the human element of cybersecurity.
Coinbase has not provided a timeline for a full investigation but reiterated its commitment to protecting customer assets and ensuring accountability.
