Cryptocurrency giant Coinbase has revealed a severe data breach stemming from insider collusion involving overseas customer support contractors. According to the company’s disclosures, these contractors, operating from India, were bribed by a malicious actor to exfiltrate sensitive customer data.
The stolen information became the centerpiece of a $20 million extortion attempt, which Coinbase refused, opting instead to publicize the breach via regulatory filings and a blog post.
The attack affected fewer than 1% of Coinbase’s 9.7 million monthly users, but the compromised data includes highly sensitive information such as images of government-issued IDs, financial account details, and transaction histories. While customer funds remain secure, Coinbase warned that the exposed data could fuel sophisticated phishing and fraud campaigns.
Why It Matters: The breach exposes how reliance on overseas contractors left Coinbase vulnerable to insider threats. Refusing the ransom doesn’t change the fact that criminals now hold the personal data of thousands of customers. It raises hard questions about how much control companies truly have over those handling sensitive information.
- Insider Collusion at the Core: Coinbase revealed that overseas customer support contractors, specifically based in India, were bribed by a malicious actor to extract sensitive customer data from internal tools. All involved contractors have since been terminated.
- Extent of Data Breach: Exposed data includes customer names, phone numbers, email addresses, masked Social Security numbers, bank details, images of government-issued IDs, account balances, and transaction histories. No login credentials, 2FA codes, private keys, or wallet access were compromised.
- $20 Million Extortion Attempt: An anonymous threat actor demanded a $20 million ransom on May 11 in exchange for a promise not to release the stolen data. Coinbase refused the demand and is offering a matching $20 million reward for information leading to the perpetrator’s arrest and conviction.
- Financial and Security Response: Coinbase projects expenses between $180 million and $400 million to cover remediation, customer reimbursements, and new security measures, including the establishment of a U.S.-based support center to reduce reliance on overseas contractors.
- Ongoing Warnings to Customers: Coinbase is actively warning its users to beware of phishing scams and imposters pretending to be company representatives. It reiterated that it will never request sensitive login information or ask users to transfer funds to specific wallets.