- Coinbase declines $20M ransom after data theft incident.
- Increased security controls and new U.S. support hub planned.
- Potential financial exposure estimated up to $400M.
Coinbase disclosed a data breach between May and June 2025 involving bribed overseas agents exfiltrating customer information, impacting 69,461 individuals, and prompting a rejected $20M ransom demand.
The breach underscores vulnerabilities within crypto platforms, highlighting the importance of robust data security and the market’s ongoing trust concerns.
Coinbase disclosed a major data breach involving the theft of customer PII. Support agents were bribed to facilitate this social engineering campaign, which targeted user-sensitive information.
Led by CEO Brian Armstrong, Coinbase took immediate action after this incident. The breach exposed information of 69,461 individuals, including bank details and government IDs. Passwords and seed phrases remained secure. Emilie Choi, President/COO of Coinbase, assured, “While the breach involved the theft of sensitive customer information, I want to reassure our users that no passwords, private keys, or seed phrases were compromised.”
The financial consequences of the breach are substantial, with remediation costs potentially reaching $400M. The company set up a $20M reward fund to aid in the prosecution of responsible parties.
In response to the attempted extortion, Coinbase is enhancing its security framework. It plans to open a U.S. support hub and increase its fraud detection capabilities.
International implications may arise as law enforcement actively pursues those involved. Coinbase’s stance and actions send a significant signal in the industry regarding ransom demands.
Coinbase’s decision not to pay the ransom underscores a focus on long-term security over immediate resolution. This move reflects historical trends where phishing attacks often follow PII leaks and necessitate enhanced user vigilance.