Coinbase suffers major cyber-attack; customers’ stolen info used to scam them

Cryptocurrency exchange Coinbase reported that a cyber attack against its systems resulted in customer data being stolen, which was then used to scam these customers.

The attack happened when the hackers bribed Coinbase’s overseas customer support agents to copy data in its customer support tools, noted the company in a blog post.

The cost of the attack could be as high as $400 million, reported BBC. Coinbase’s shares were down by a little over 4%.

The attackers aimed to use the stolen information in order to impersonate legitimate Coinbase employees and scam people into giving up their crypto. They also attempted to extort money from Coinbase itself, in exchange for covering up the breach.

“Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers,” posted Coinbase on X on May 15.

Coinbase stressed that a small percentage of users was affected by the incident and that user information such as names, bank account numbers, fragments of social security numbers, account data, government ID images, and corporate data had been stolen.

However, the company said that login credentials, private keys, and access to customer accounts had not been compromised. Coinbase promised to reimburse customers who had been scammed into sending funds to the attackers. Affected customers have been notified, per the company, while some transactions may be delayed due to increased security monitoring.

“We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” posted Coinbase on X.

Social engineering attacks refer to criminal attempts to gain personal or sensitive information from victims by targeting them emotionally, taking advantage of them, or manipulating them with psychological tactics.

This is different from cyber-attacks such as unsolicited messages with malware links sent to large groups of people at once.

The attack against the well-known crypto exchange comes just as Coinbase was readying to join the S&P 500 index. Meanwhile, U.S.-based crypto investors are eagerly anticipating loosened regulations and more trading freedom since President Trump’s term started.

“Security and transparency are core to Coinbase. Consistent with that commitment, we’re publicly detailing an extortion attempt against us and our customers. Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident,” said Coinbase on its website.