Coinbase Hacked: Customer Data Stolen, Reimbursements Announced

Crypto exchange Coinbase recently fell victim to an attack that led to stolen customer data, potentially causing $400 million in damages.

The company reported that bad actors had been contacting overseas contractors for months, attempting to bribe them into releasing customer information.

Following the breach, criminals threatened to leak data unless Coinbase paid a $20 million ransom in bitcoin. The company refused to pay and informed law enforcement, but has decided to cover reimbursement expenses ranging from $180 million to $400 million for affected customers. It stated that no passwords, private keys, funds, or Coinbase Prime accounts were compromised, and the attack impacted less than 1% of its monthly transacting users.

Coinbase also announced a $20 million reward for information leading to the arrest and conviction of those responsible for the scheme.

Financial Institutions as Prime Targets

Employees have become frequent targets for cybercriminals aiming to access company data. Financial organizations are prime targets due to holding vast amounts of personal and financial data—this was demonstrated when hackers targeted the U.S. Office of the Comptroller of the Currency, which monitors the activities of all U.S. financial institutions and has significant access to sensitive information.

As the largest crypto exchange in the U.S., Coinbase has capitalized on the growing interest in digital assets by making large acquisitions and introducing new technologies. The company’s global scale increases the likelihood that it will be targeted by criminals.

Bolstering Fraud Defenses

Coinbase noted that after detecting the breach, they terminated involved employees, warned affected customers, and strengthened their fraud defenses.

This incident is expected to prompt Coinbase and other financial services companies to reassess contractor relationships and conduct more thorough vetting of employees with access to sensitive customer data.