Coinbase Faces $400 Million Bill After Data Leak and Hack

Coinbase has confirmed a major cybersecurity breach, disclosing in a report to the U.S. Securities and Exchange Commission that hackers bribed employees to gain access to sensitive internal information and customer data. The incident could cost the company between $180 million and $400 million in reimbursements and security fixes.

Good to know

• Hackers offered bribes to overseas Coinbase support agents.
• Stolen data includes names, account details, masked IDs, and government documents.
• Coinbase refuses to pay a $20 million ransom and is cooperating with law enforcement.

The breach came to light after Coinbase received an extortion email on May 11. The attackers demanded $20 million in Bitcoin in exchange for not leaking the stolen data. Coinbase declined to pay and immediately launched an internal investigation, firing the involved employees and alerting the authorities.

According to the company’s disclosure, the stolen data includes customers’ names, contact details, partial Social Security and bank account numbers, and even images of government-issued IDs. Internal corporate documents and materials used by support agents were also accessed.

Coinbase vows to reimburse and strengthen defenses

In a video shared on X, CEO Brian Armstrong reassured customers that Coinbase will make full reimbursements to those impacted and will take additional steps to upgrade its cybersecurity infrastructure. He also noted that the employees involved were all part of the company’s overseas support team and confirmed those individuals have been terminated.

Armstrong added that Coinbase will relocate certain parts of its customer support operations to reduce future risks. The company is also working with law enforcement to identify and prosecute the attackers.

The attack comes at a time when Coinbase continues to play a central role in the U.S. crypto market. As the largest American-based crypto exchange by trading volume, the platform’s handling of this incident is being closely watched by both regulators and the wider crypto community.

While Coinbase has not confirmed the exact number of affected users, the estimated remediation and reimbursement costs are expected to reach up to $400 million. The company’s stock (COIN) fell more than 4% after the news broke.