Coinbase hacked: Data of thousands exposed in $20M extortion scheme. Company fights back with $20M bounty

Coinbase confirmed Thursday that a security breach exposed personal data tied to thousands of customers, or less than 1% of its monthly users. The breach wasn’t caused by a technical flaw. It came down to bribery. Hackers paid off overseas customer support agents to gain access to sensitive customer information.

The attackers obtained names, birthdates, email and home addresses, account balances, and transaction histories. They did not access passwords, private keys, or customer funds. Coinbase Prime accounts were not affected.

“Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers,” Coinbase said in a post on X.

Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers. More here: https://t.co/SidVn59JCV

— Coinbase 🛡️ (@coinbase) May 15, 2025

The crypto company said it rejected a $20 million ransom demand from the attackers. Instead, it put up a $20 million reward for information that leads to the arrest and conviction of the people responsible.

Inside the Coinbase Data Breach

This wasn’t a smash-and-grab job. According to Coinbase, the hackers had been working the support channels for months, bribing contractors to get into internal systems. Once inside, they used the data to run phishing scams by pretending to be Coinbase reps.

Coinbase shared the details in a post on X, clarifying that only a small fraction of its more than 100 million users (as reported in 2022) were affected. Still, the data stolen was enough to trick some users into handing over their crypto.

CNBC reported that the threat actors paid customer support staff and contractors for access. Some internal corporate documents were taken too, but Coinbase hasn’t said which ones. The company caught wind of the activity months ago and has since been alerting affected users.

No Ransom, Just a $20M Bounty

Instead of paying the ransom, Coinbase decided to go after the attackers with a $20 million bounty. A blog post and public comments made it clear: “We will pursue the harshest penalties possible.”

CEO Brian Armstrong confirmed the bribes on X, saying the criminals were approaching third-party agents for months. Coinbase has since kicked off a complete overhaul of its support operations.

That includes pulling sensitive support functions back into the U.S., limiting how much data contractors can see, rolling out insider threat monitoring, and requiring scam-awareness prompts and ID checks for accounts flagged as suspicious.

The Fallout

Fixing this won’t be cheap. Coinbase estimated the breach could cost between $180 million and $400 million, mostly in reimbursements to customers who got phished and in beefing up security systems. These numbers were disclosed in an 8-K filing with the SEC.

Blockchain investigator ZachXBT said Coinbase users lost roughly $45 million to phishing scams just in the first week of May. That gives a sense of the damage scammers can do with basic personal info.

Bigger Picture

This isn’t Coinbase’s first run-in with security problems. Just two months ago, the company dealt with a supply chain attack via GitHub Actions, though customer data stayed safe that time. But this latest incident shines a light on a different problem—outsourcing critical operations.

Outsourcing support can cut costs, but it can also open the door to things like bribery. Coinbase’s move to relocate support in-house is a clear sign that trust issues with third-party vendors are now front and center.

Crypto Economy pointed out that Coinbase’s refusal to pay up—and its decision to publicly put a price on the hackers’ heads—could become a model for how crypto companies deal with insider threats without looking weak.

What’s Next

Coinbase is promising reimbursements for users impacted by scams and rolling out stronger security alerts. The company has also been unusually transparent, keeping users updated on X and through its blog.

Still, this incident highlights a problem that isn’t going away: social engineering. It doesn’t matter how secure the blockchain is—if attackers can convince people to hand over credentials or click on fake links, the damage is real.

Coinbase’s response shows it’s taking the situation seriously, but it also signals a broader warning to the crypto industry: you can’t secure tech if you don’t secure the people operating it.