Coinbase confirmed a customer data breach on its platform Thursday and claimed a group of rogue overseas support agents recruited by cyber criminals were responsible for the attack. In a video message posted on X, Coinbase CEO Brian Armstrong said cyber attackers wrote to the exchange, claiming they had obtained personal data of a portion of Coinbase users. In exchange for not leaking the data, the attackers allegedly demanded a ransom of $20 million (roughly Rs. 171 crore). The development comes just days after Coinbase became the first crypto firm to have secured a spot on the elite S&P 500 index. The exchange has refused to surrender to the demand of the attackers.

No passwords, private keys, or funds were exposed in the breach, the exchange said. Coinbase Prime accounts, too, were unaffected by the attack. Cyber criminals “bribed and recruited” a group of rogue overseas support agents to steal Coinbase customer data, Coinbase said in a blog post published Thursday.

“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” the firm said.

According to the exchange, the attackers' aim was to execute social engineering attacks and get individuals to transfer funds. Coinbase said it would reimburse customers who were tricked into sending funds to the attacker, but did not elaborate on the details of the reimbursement process. It said the reimbursements would happen voluntarily via Coinbase after facts were reviewed.

As per the exchange, the attackers managed to obtain bank account numbers, government IDs, and the account data of the impacted users. Other details such as names, addresses, emails, and masked social security numbers have also been compromised in the breach. 

The exchange claims that data of less than one percent of its users was breached as part of the incident. It is uncertain if the data breach only affected Coinbase users in the US or if international users were at risk, as well. The exchange recently acquired its FIU registration in India to mark its re-entry into the country.

Addressing the breach, Armstrong said that no ransom would be paid to the attackers. Instead, Coinbase was setting up a $20 million reward fund for information leading to the identification of the attackers.

The exchange said it was working closely with law enforcement agencies to ensure the “harshest” penalties on the attackers. Coinbase is also working with industry partners to trace the attackers through their wallet addresses and attempt to recover assets.

Coinbase has not disclosed the amount wired to the attackers by unsuspecting users.

In the first quarter of this year, Coinbase reported $9.9 billion (roughly Rs. 84,632 crore) in USD resources. The exchange also reported a total revenue of $2 billion between January and March this year, along with a net income of $66 million (roughly Rs. 564 crore).

Just this week, the exchange announced the acquisition of Deribit, a renowned crypto derivatives platform. After completing the $2.9 billion acquisition, Armstrong reportedly said the exchange was planning to explore more mergers and acquisitions.

Affiliate links may be automatically generated - see our ethics statement for details.