Coinbase Refuses $20 Million Ransom Demand Over Stolen Data by Rogue Employees
05/15/2025 18:20
Coinbase refuses $20 million ransom, launches $20 million bounty to catch cyberattackers; data breached but funds and keys remain secure.
Coinbase says cybercriminals bribed a small group of overseas support contractors to pull customer data from internal tools, hitting “less than 1 %” of its monthly active users.
The exchange said the breach did not expose any passwords, private keys, or funds, and that Coinbase Prime accounts remained untouched.
Coinbase Attackers Demanded $20 Million Ransom
The attackers demanded a $20 million payment to keep the incident quiet. However, Coinbase said that it refused and redirected the sum into a $20 million reward fund for information leading to their arrest and conviction.
“We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” Coinbase said.
Stolen records include names, addresses, phone numbers, masked Social Security digits, partial bank details, and account snapshots.
“Their [attackers] aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto,” the exchange added.
The company vowed to make victims “whole” if follow-up social-engineering scams lured them. New withdrawal friction, extra ID checks, and real-time scam prompts are already live on flagged accounts.
Preventive measures include a new US support hub, stronger insider-threat detection, and nonstop red-team simulations. Coinbase has referred the fired insiders to the US and international law enforcement agencies. The exchange will also be working with blockchain analytics firms to tag the attackers’ addresses and freeze stolen funds.
The news comes just days after Curve Finance warned users that its website may have been hijacked in an attack.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
Harsh Notariya is an Editorial Standards Lead at BeInCrypto, who also writes about various topics, including decentralized physical infrastructure networks (DePIN), tokenization, crypto airdrops, decentralized finance (DeFi), meme coins, and altcoins. Before joining BeInCrypto, he was a community consultant at Totality Corp, specializing in the metaverse and non-fungible tokens (NFTs). Additionally, Harsh was a blockchain content writer and researcher at Financial Funda, where he created...
Harsh Notariya is an Editorial Standards Lead at BeInCrypto, who also writes about various topics, including decentralized physical infrastructure networks (DePIN), tokenization, crypto airdrops, decentralized finance (DeFi), meme coins, and altcoins. Before joining BeInCrypto, he was a community consultant at Totality Corp, specializing in the metaverse and non-fungible tokens (NFTs). Additionally, Harsh was a blockchain content writer and researcher at Financial Funda, where he created...
READ FULL BIO