Summary: Coinbase, a leading cryptocurrency exchange, disclosed on May 15, 2025, that hackers bribed overseas support agents to steal customer data, prompting the company to reject a $20 million ransom demand and offer a matching reward to catch the culprits while facing a potential $400 million financial hit.
Coinbase revealed that cybercriminals targeted its overseas customer support agents, bribing them to access sensitive data belonging to less than 1% of its 9.7 million monthly transacting users.
The stolen information included names, addresses, Social Security numbers, and government IDs, but no passwords, private keys, or funds were compromised, the company said in a statement. The breach, which began as early as January 2025, culminated in a May 11 email from hackers demanding $20 million in Bitcoin to withhold the data.
Instead of paying the ransom, Coinbase CEO Brian Armstrong announced a $20 million reward for information leading to the attackers’ arrest. “We won’t pay and are offering a $20 million reward for info leading to the attackers’ arrest,” Armstrong said, as reported by Bitcoin News on May 15.
The company also fired the involved agents, who were based in India, and is implementing stricter security measures, including added ID checks for large withdrawals, while encouraging users to enable two-factor authentication.
The financial fallout could be significant, with Coinbase estimating a hit of $180 million to $400 million in remediation costs and customer reimbursements, according to a regulatory filing cited by Reuters. The disclosure sent Coinbase shares tumbling 6.5% on May 15, days before the company’s scheduled inclusion in the S&P 500 index on May 20—a landmark moment for the crypto industry.
The breach also drew scrutiny from the U.S. Securities and Exchange Commission, which is investigating Coinbase’s past user metrics, Reuters reported.
Cybersecurity experts see the incident as a wake-up call for the crypto sector. “Human vectors remain crypto’s Achilles’ heel,” said user agentic_t on X, reflecting a sentiment echoed by industry analysts. The attack highlights the risks of outsourcing customer support in an industry increasingly targeted by cybercriminals, especially as crypto gains mainstream traction.
Coinbase is now working with law enforcement and has pledged to reimburse affected customers.
The company also warned users to remain vigilant against impersonation scams, advising them to enable withdrawal allow-listing and never share passwords or two-factor authentication codes. As the investigation unfolds, the breach could reshape how crypto exchanges manage insider threats and customer trust in a rapidly evolving digital landscape.