- The hacker obtained sensitive customer data by paying offshore support staff with internal system access.
- Coinbase expects to spend between $180 million and $400 million on remediation and reimbursements.

Crypto exchange giant Coinbase has revealed that it fell victim to a significant data breach in which hackers accessed sensitive personal information of its customers.
In a filing with U.S. regulators, the company disclosed that a hacker contacted Coinbase earlier this week, claiming to have obtained customer account details and demanding a $20 million ransom to prevent the release of the stolen data.
According to Coinbase, the breach stemmed from multiple support staff working outside the U.S. who were paid by the hacker to extract data from internal systems. These employees or contractors, who had legitimate access for work purposes, have since been terminated.
The malicious activity was detected by Coinbase’s systems “in the previous months,” and the company has already alerted affected customers to prevent misuse of the compromised information.
The stolen data includes customer names, postal and email addresses, phone numbers, and the last four digits of Social Security numbers. Additionally, masked bank account numbers, banking identifiers, and government-issued IDs such as driver’s licenses and passports were taken. Account balance data and transaction histories were also compromised.
Coinbase confirmed that some corporate internal documentation was stolen during the breach as well.
Response and Fallout
CEO Brian Armstrong, in a social media post, confirmed that the hackers demanded $20 million. Coinbase stated that it will not pay the ransom.
A company spokesperson, Natasha LaBranche, said that less than 1% of Coinbase’s 9.7 million monthly customers were affected.
To address the breach, Coinbase announced it is opening a new U.S.-based support hub and enhancing its security infrastructure. The company expects remediation efforts and customer reimbursements to cost between $180 million and $400 million.
Edited by Harshajit Sarmah