Crypto exchange Coinbase (Nasdaq: COIN) disclosed on May 15 that a group of bribed overseas support agents helped cybercriminals steal user data in a coordinated extortion attempt. The attackers targeted internal customer support systems and accessed personal information belonging to fewer than 1% of monthly transacting users.

Coinbase confirmed that login credentials, private keys, and customer funds were not compromised. “Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company stated, emphasizing:

No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker.

According to the crypto exchange, the compromised data included names, addresses, phone numbers, and email addresses. In addition, the attackers obtained masked social security numbers (limited to the last four digits), partially redacted bank account information, government-issued ID images such as driver’s licenses and passports, and account-specific data including transaction history and balance snapshots. Limited internal corporate information—like training materials, documents, and communications visible to support agents—was also accessed. However, Coinbase clarified that the attackers did not obtain login credentials, two-factor authentication codes, or access to any hot or cold wallets, including Coinbase Prime accounts.

Coinbase stated that after the attack, the perpetrators attempted to extort the company for $20 million to suppress information about the incident. The exchange disclosed:

They then tried to extort Coinbase for $20 million to cover this up. We said no.

“Instead of paying the $20 million ransom, we’re establishing a $20 million reward fund for information leading to the arrest and conviction of the attackers,” the exchange added.

In parallel, Coinbase is reimbursing affected users and implementing stronger protective measures. These include new ID checks on large withdrawals, a U.S.-based support center, upgraded security controls, insider-threat monitoring, and simulation testing for internal threats. Notifications have already been sent to affected users, and Coinbase affirmed its commitment to keeping the community informed throughout the investigation. A formal disclosure was filed with the U.S. Securities and Exchange Commission the same day.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。