Coinbase Targeted in Cyberattack, Hackers Demand $20 Million Ransom for Stolen Customer Data - 15-05-2025

Coinbase, the major U.S.-based cryptocurrency exchange, confirmed on Thursday that it had fallen victim to a cyberattack in which hackers stole customer data and demanded a $20 million ransom to prevent its public release.

The attack occurred earlier this week, just days before the company is set to make history by becoming the first crypto exchange included in the S&P 500 on Monday. The ransom request reportedly took place on Monday.

Following the news, Coinbase shares dropped 5.4% on Wall Street. This follows a 25% surge on Tuesday, triggered by the announcement of its upcoming inclusion in the prominent stock index.

“The attackers were attempting to gather a list of customers they could impersonate, tricking them into handing over their cryptocurrency,” the company stated on its official website. “After that, they tried to blackmail Coinbase, demanding $20 million to cover it up. We refused.”

Headquartered in California, Coinbase announced that it is offering a $20 million reward — matching the ransom amount — to anyone who provides information that leads to the arrest and conviction of those responsible for the breach.

Cybercriminals have increasingly targeted the crypto sector, exploiting poorly written code and focusing on executives and customer service personnel with access to sensitive data.

Earlier this year, hackers stole around $1.5 billion in crypto tokens from Bybit in what the platform described as the largest heist ever suffered by the industry.

Blockchain analytics firm Chainalysis reported that cyberattacks on crypto exchanges rose 21% last year, surpassing $2.2 billion in losses, with most incidents concentrated in the Asia-Pacific region. Of that total, North Korean state-sponsored hackers were responsible for $1.3 billion.

This breach comes amid a broader wave of cyberattacks affecting major global companies. Recently, luxury fashion house Dior, UK department store Harrods, and retailer Marks & Spencer have also been hit by similar incidents.

According to Coinbase, the perpetrators “bribed and recruited” customer service agents working outside the U.S. to gain access to internal systems and steal client data. The employees involved were promptly terminated.

The company said the breach affected a “small subset” of users and included partial Social Security numbers, bank details, account information, and images of identity documents such as passports and driver’s licenses. However, no passwords, private keys, or account funds were compromised.

Coinbase stated that it will reimburse customers who were tricked into sending funds to the attackers, a move that could cost the company between $180 million and $400 million.

This incident unfolds against the backdrop of a strong resurgence in the crypto market, fueled in part by political developments in the U.S. Following Donald Trump’s electoral victory, Bitcoin has surged more than 30% in the past month, recently surpassing the $100,000 mark — its highest level since January.

Dovile Silenskyte, head of digital asset research at WisdomTree, commented that Coinbase’s entry into the S&P 500 is “mostly symbolic,” yet highly significant. She noted that it will help redirect a portion of the trillions of dollars tracking the index toward the company’s stock.