Coinbase Hit by Insider Data Breach, Hackers Demand $20M Ransom in Bitcoin
Hackers bribed Coinbase support staff to access sensitive customer data and demanded $20 million in Bitcoin. The exchange refuses to pay and offers a reward for help catching the culprits.

San Francisco, CA — Coinbase, the largest cryptocurrency exchange in the U.S., is facing a serious internal security scandal after revealing that hackers accessed customer data and demanded a $20 million ransom in exchange for not leaking it.
In a statement Thursday, Coinbase confirmed that a group of overseas customer service agents were bribed by cybercriminals who used the stolen information to launch targeted crypto scams. The compromised data includes names, birth dates, and parts of customers' Social Security numbers — sensitive details that scammers used to impersonate Coinbase employees and trick users into handing over their funds.
“These attackers aren’t breaching our systems through code — they’re exploiting trust,” said CEO Brian Armstrong in a social media post. “They’re using social engineering tactics to fool real people into handing over real money.”
Company Refuses to Pay, Offers Bounty Instead
Rather than give in to the hackers' demands, Armstrong said Coinbase won’t pay the ransom — and is instead offering a $20 million reward to anyone who can help identify and bring the attackers to justice.
“We won’t be extorted,” he said. “If you have information that leads to their arrest, we’ll pay you.”
Coinbase received the ransom demand last Sunday, with attackers threatening to release stolen data unless they were paid in Bitcoin.
How the Breach Happened
Coinbase disclosed in a filing with the Securities and Exchange Commission (SEC) that it had previously discovered “a small number” of its customer support agents accessing data they weren’t authorized to view. Those employees have since been terminated, and the company said it’s reinforcing internal controls.
Though it’s unclear how many users were affected, the company expects to spend between $180 million and $400 million on response efforts, including customer reimbursements and fraud prevention upgrades.
The company has pledged to cover losses for any customers impacted by the scam.
URGENT: Coinbase Breach — Internal support agents bribed, personal data leaked for <1% of users, company promises full reimbursement — Juan Cienfuegos | BitCorner (@TheJuanSC) May 15, 2025
Why This Breach Is a Wake-Up Call
This incident is a stark reminder that even the most secure platforms can be compromised — not just through code, but through people. Coinbase didn’t fall victim to a complex cyberattack; it was betrayed by a few insiders who gave up customer data for money.
What’s especially troubling is that the data stolen wasn’t just usernames or emails — it included partial Social Security numbers and enough personal information to launch convincing scams. For users, that means the risk doesn’t stop at this breach. Phone calls, phishing attempts, and impersonation schemes may follow for months.
It also raises bigger questions about how crypto companies are managing remote teams and overseas support operations. If a handful of employees can leak sensitive data, what other vulnerabilities are going unnoticed?
The fact that Coinbase is refusing to pay the ransom — and instead offering the same amount as a bounty — sends a message to cybercriminals. But whether that approach discourages future attacks or just escalates the conflict remains to be seen.