Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information (rashmiramesh_) • May 22, 2025
A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers and a ransom demand for $20 million. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company's overseas customer support agents.
The crypto giant disclosed the numbers in a filing with Maine's attorney general on Tuesday, days after it reported the breach in a Securities and Exchange Commission filing.
Coinbase said that the breach dates back to December and was the result of bribery schemes targeting its overseas customer support agents. The attackers bribed customer support agents with cash payments and extracted Know Your Customer records, including names, home and email addresses, government-issued IDs, passports, driver's licenses and masked bank account numbers.
The hacker also accessed the customers' Coinbase account balances and transaction histories, likely in an attempt to use the information later for phishing and social engineering attacks, Coinbase said.
Passwords, private keys and user funds were secure, and fewer than 1% of its monthly transacting users were affected, the company said.
Coinbase discovered the incident earlier this month when it received a "credible" ransom note from the alleged hacker, demanding $20 million to delete the data and threatening to release it on the dark web. Coinbase said it refused to pay the ransom and announced a bounty of the same amount for information leading to the attacker's arrest. The company said it was working with industry partners and law enforcement to track and recover the stolen assets, and that it had fired the insiders responsible for the breach and would press criminal charges against the unidentified number of staffers.
The Department of Justice's criminal division in Washington reportedly opened an inquiry, and the SEC is reportedly examining whether the company's disclosures following the breach were complete and timely as well as probing prior metrics tied to its 2021 initial public offering.
In its SEC filing, Coinbase estimated that remediation and customer reimbursement expenses could range between $180 million and $400 million, subject to adjustments for indemnification claims and recoveries. The company said that these figures are preliminary and could change based on further review of potential losses.
Michael Arrington, founder and investor, said on social media platform X, formerly Twitter, that the human toll of exposed personal data exceeds the financial estimates. "The human cost, denominated in misery, is much larger than the $400 million or so they think it will actually cost the company to reimburse people," Arrington wrote. He criticized KYC regulations as ineffective and dangerous, calling on regulators and corporations to enhance data protection measures.
In the cryptocurrency market, the collection of KYC data is required by regulators to prevent illegal activities such as money laundering, terrorist financing and tax evasion. Evgeny Gaevoy, CEO of Wintermute, described the hack of Coinbase data as "the dark side of the idiotic and nonsensical KYC/AML regime we live in."
But some Wall Street analysts reportedly saw the share price decline as an entry point. Mizuho Securities analysts, led by Dan Dolev, described the breach as an isolated event, saying that attackers did not access core systems related to passwords or private keys.
Bloomberg reported that similar phishing attempts targeted rival exchanges Binance and Kraken, though the firms blocked the attacks. It is unclear whether the same threat actors were involved.