Coinbase Reimburses Customers Following $20 Million Extortion Attempt

Coinbase is reimbursing users following a data breach that turned into an extortion attempt.

The breach happened when cybercriminals convinced “a small group” of company insiders to copy the data from its customer support tools for less than 1% of Coinbase’s monthly transacting users, according to a Thursday (May 15) company blog post.

“Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto,” the post said. “They then tried to extort Coinbase for $20 million to cover this up. We said no.”

Coinbase fired the compromised employees “on the spot” and referred them to law enforcement, with plans to press criminal charges, according to the post.

The hackers managed to get these users’ names, addresses, phone numbers and emails, as well as the last four digits of their Social Security numbers, per the post. Also taken were masked bank account numbers and some bank account identifiers, government identification images such as passports and drivers’ licenses, transaction histories, and “limited” corporate data such as documents, training material and communications available to support agents.

However, the criminals were unable to access customer login credentials, private keys or two-factor authentication codes, according to the post. They also did not gain the ability to move or access customer funds, or access to Coinbase Prime accounts or Coinbase or Coinbase customer hot or cold wallets.

“We will reimburse customers who were tricked into sending funds to the attacker due to social engineering attacks,” the post said.

The company is also adding new customer safeguards, opening a new U.S. support hub and increasing its investment in cyber threat detection. And rather than paying the $20 million ransom, Coinbase is setting up a $20 million reward fund for information that leads to the arrest and conviction of the attackers, per the post.

The news came weeks after the FBI released a report showing a rise in cryptocurrency fraud, with at least $9.3 billion in losses reported last year, a 66% jump over 2023. These losses stemmed from investment scams, extortion, sextortion and fraudulent activity involving cryptocurrency ATMs and kiosks.

Between January 2024 and April of this year, the FBI notified more than 5,400 victims targeted by crypto-related fraud, many of them unaware they had been targeted.