Coinbase Security Breach licks user data and state IDS »techworm

In a significant incident with cyber security, Coinbase has confirmed that cybercrimal, which was supported by a group of bribes Rogue support agents, stole sensitive customer data in order to blackmail the company for $ 20 million.

The incident was illustrated after the attackers contacted Coinbase by e -mail on May 11, 2025 and asked for a ransom of 20 million US dollars in exchange for the stolen data.

However, the largest cryptocurrency exchange based in the USA refused to pay the ransom and instead decided to set up a $ 20 million reward fund for information that led to the arrest and conviction of the criminals responsible for the attack.

What happened

According to the official blog post from Coinbase on May 15, 2025, the violation occurred when a small group of Rogue customer service entrepreneurs in overseas was recruited by cybercriminals by bargain brilliant funds in order to bribe data for less than 1% of the monthly transactions of Coinbase.

Their goal was to create a list of customers that they could identify by imitation Coinbase to make users give up their cryptocurrency. Then they tried to blackmail Coinbase and demanded $ 20 million to keep the violation hidden. However, Coinbase rejected the offer.

What was stolen

The stolen information include:

• Name, address, telephone and e -mail address;
• Masked social security numbers (only 4 digits);
• Masked bank account numbers and some bank account identifiers;
• Government -ID images such as driver's license and passport;
• Contonate balance snapshots and transaction history; And
• Limited corporate data, including documents, training material and communication that are available to support agents

“Cybercriminals have bribed and recruited a group of villains in overseas support agents to steal the customer data for the coin base to facilitate social engineering attacks. These insiders have misused their access to customer support systems to steal the account details for a small subgroup of customers,” wrote Coinbase in a blog post on Thursday.

“No passwords, private keys or means were exposed and Coinbase Prime accounts are untouched.”

Coinbase security measures

Coinbase has announced that it will take full responsibility for the protection of the affected users. Termed customers who were notified by E -Mail on May 15 will be refunded if they were transferred to fraudsters to fraudsters due to attacks on social engineering.

In addition, the company implements stricter payment controls, since marked accounts now require additional identity check for large transactions and new input requests for fraud. A new support hub is opened in the USA and greater security controls and surveillance is added at all locations.

In order to prevent future violations, the company has also increased the detection of insider threats, security threat simulation and automated reaction in order to identify similar safety threats in its infrastructure.

Stand for blackmail

Instead of paying the ransom, Coinbase offers anyone who can help bring the perpetrators to court. The company also works with the US and international law enforcement authorities and has already released the exchange personnel involved in the violation. Criminal charges will raise.

“In collaboration with industry partners, we followed the attackers with the attackers with the day of the attackers with the day and work on winning assets,” added the company.

Recommendation to user

Coinbase asks customers to stay vigilant, as fraudsters may try to use the situation by pretending to be a coinbase employee. The company confirmed that it will never ask for passwords or 2FA codes or ask the users to move money into a certain or new address, an account, a vault or a wallet or the users of calls or text in order to move means to a “safe” wallet.

In this case, the crypto excchange proposes [email protected] Report suspicious activities.

In order to protect against potential data injuries, Coinbase recommends that its users activate the two-factor authentication (2FA) and switch on the deduction approval for secure transmissions.

“The concerns and inconvenience that this incident caused us does the concerns and we will always have problems if they occur and invest in first -class defenses – because we protect our customers in this way and protect the crypto economy for everyone,” Coinbase concluded.