Crypto exchange giant hit by high-stakes social engineering attack targeting global support staff
Coinbase, the largest cryptocurrency exchange in the United States, has revealed that hackers demanded a staggering $20 million ransom after orchestrating a highly sophisticated social engineering attack that compromised sensitive customer data.
The company said that bad actors bribed third-party contractors or employees based outside the U.S. in an effort to obtain names, addresses, account details, and government-issued ID images of Coinbase users. The stolen data was reportedly intended to be used in impersonation attempts, with the aim of deceiving users into surrendering their crypto holdings. Hackers also sought to extort Coinbase directly by demanding the multimillion-dollar payment to conceal the breach.
In a statement issued on Thursday, Coinbase confirmed that it had refused to pay the ransom. It warned that the incident could cost the San Francisco-based firm up to $400 million in response efforts and voluntary reimbursements. A regulatory filing released the same day detailed estimated remediation costs ranging between $180 million and $400 million. The company noted that these figures could vary significantly following further assessments of potential losses and recoveries.
Despite the scale of the attack, Coinbase stated that fewer than 1% of its monthly transacting users were affected. The exchange assured users that all impacted individuals would receive full reimbursement if any funds were lost. Additionally, Coinbase announced it had intensified its security protocols for those affected.
In an aggressive move to locate the perpetrators, Coinbase is now offering a $20 million bounty to anyone who can provide information that leads to the identification, arrest, and conviction of those responsible.
The breach has intensified scrutiny over security practices in the cryptocurrency sector, which remains a top target for cybercriminals. According to blockchain analytics firm Chainalysis, crypto-related hacks led to losses exceeding $2.2 billion globally last year alone.
Nick Jones, CEO and founder of crypto platform Zumo, commented on the broader trend, saying: “Unfortunately as our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures.”
Coinbase’s attackers reportedly deployed a social engineering strategy — a form of manipulation that exploits human interaction rather than technical vulnerabilities to gain access to protected data. This method has surged in popularity across the crypto sector, leading to a series of damaging hacks including the $1.5 billion theft from exchange Bybit earlier this year.
The incident arrives at a pivotal moment for Coinbase, as the firm is set to join the S&P 500 index next week — a major milestone that will fold its shares into a broad range of passive investment funds. However, the breach appears to have already rattled investor confidence. As of 9:52 a.m. in New York on Thursday, Coinbase shares had fallen more than 5%, trading at $249.34.
The company’s latest ordeal underscores the evolving threat landscape confronting digital asset platforms and highlights the urgent need for stronger human-centric cybersecurity defences as the crypto industry continues its rapid expansion.
