According to Coinbase, bribes have forwarded data to Hacker who are looking for 20 million US dollars to Ransom – Silicon Valley

(Bloomberg/Emily Nicolle) -Coinbase Global Inc. said that Hacker bribed the contractors or employees outside the USA to steal sensitive customer data, and demanded a ransome of $ 20 million in one of the most profiled security breaches of a crypto trading platform.

The largest US crypto excchange indicated that the ransom was not to be paid and estimated that the incident could cost the company based in San Francisco up to $ 400 million.

Criminals had offered Coinbase Customer Support Agents Cash to copy customers such as names, addresses, account details and state ID images, the stock exchange said in a statement on Thursday. The attackers planned to use this data to do it as if it were Coinbase and convince the users to hand over their crypto while demanding ransom from exchange to cover them up.

Less than 1% of Exchange's monthly transactions were affected, said Coinbase. Coinbase would not only increase security controls for those affected, but would also reimburse everyone who has lost money. The exchange also announced that it offers everyone with information that leads to the arrest and conviction of the attackers a bounty of $ 20 million.

According to Coinbase, preliminary estimates suggested that, according to a statutory submission published on Thursday, it would be between 180 and 400 million US dollars in “renovation costs and voluntary customer refunds” in relation to the incident. A further review of potential losses, compensation claims and potential recovery could significantly increase or reduce this estimate, added.

Hacks have exposed the crypto industry to anonymity and complex digital software thanks to its strong trust. According to the research chain chain, around 2.2 billion dollars for such incidents were lost in 2024. Operation at the risk of an attack was particularly painful for the crypto exchange, which are often important targets and are exposed to high persistent costs to maintain strict security.

The incident was made when Coinbase joined the S&P 500 index next week. The inclusion in the benchmark is more important for companies in a world that is increasingly dominated by passive investment funds and wraps the shares of Coinbase into numerous trackers after the index. The coin base shares slipped by more than 3%on Thursday in retail in front of the market.

The Hackers from Coinbase use a so -called social engineering attack – in which criminal people use to gain unauthorized access to data instead of using errors in the computer code. This type of threat has become increasingly popular in crypto, which led to the latest major incidents such as the 1.5 -billion dollar -hack from Crypto Exchange Bybit in February.

On May 11, an unknown attacker sent Coinbase by e -mail to say that he received customer information and some internal coinbase documentation, the exchange said in the submission. They called for Bitcoin 20 million US dollars in order not to go to the fact that they had received such data into their hands, added Coinbase Chief Executive Officer Brian Armstrong in a video that was published on social media.

In the months before this e -mail, Coinbase had already found cases of customers support agents who gained information about internal coinbase systems without needing them for their job. After the discovery, these workers were immediately terminated and Coinbase said that they warned customers who may have been affected. When the e -mail from May 11th appeared, Coinbase found that these employees had been part of a single campaign that was orchestrated by the hacker to steal this data.

“These attackers searched for our customer service staff in overseas service members and searched for a weak leak, someone who would accept a bribe to share some customer information with them,” said Armstrong in the video. “Unfortunately they could find a few bad apples.”

(Updates to add context and comment from Coinbase from the sixth paragraph)

Other stories like this are available on Bloomberg.com

© 2025 Bloomberg LP

Originally published: May 15, 2025 at 9:06 a.m. PDT