Coinbase Chief Legal Officer Paul Grewal told Bloomberg in a report posted Monday (May 19): “We have notified and are working with the DOJ and other U.S. and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors.”
The company announced Thursday (May 15) that it was reimbursing users following a data breach that turned into an extortion attempt.
In a blog post, Coinbase said cybercriminals convinced a “small group” of company insiders to copy data for less than 1% of Coinbase’s monthly transacting users from its customer support tools. The attackers aimed to use this list to contact customers while pretending to be Coinbase in order to trick people into handing over their crypto, and then tried to extort Coinbase for $20 million to cover this up.
“We said no,” the company said in the post. Instead of paying the $20 million ransom, Coinbase said it was setting up a $20 million reward fund for information that leads to the arrest and conviction of the attackers.
“We will reimburse customers who were tricked into sending funds to the attacker due to social engineering attacks,” Coinbase said in the post.
In a filing with the Securities and Exchange Commission (SEC), Coinbase disclosed that the cybersecurity incident could cost it as much as $400 million.
The company’s investigation into the incident is still underway, so the full impact of the cyberattack is not yet known, it said in the filing.
On Friday (May 16), it was reported that Binance and Kraken were targeted in a social engineering cyberattack similar to the one revealed by Coinbase.
Sources told Bloomberg that the companies were able to repel the attacks without customer data being compromised.
The implications of a centralized store of correlated user information are a top concern for the financial ecosystem, particularly as crypto becomes more mainstream.
Lionsgate Network CEO Bezalel Eithan Raviv told PYMNTS in an interview posted Monday: “In the last two days alone, we’ve been approached by dozens of Coinbase customers who were likely on that list and have since been targeted by attackers impersonating Coinbase Support.”