
Hackers Breach Coinbase, Demand $20 Million Ransom
Coinbase, the largest US-based cryptocurrency exchange, recently confirmed a breach of its systems that gave malicious actors access to its customers’ personal data. The company refused the hackers’ demand for a $20 million USD payment to prevent the public release of the stolen data.
According to a legal filing by Coinbase, the hackers originally informed Coinbase of the breach in an email on May 11. Allegedly, the hackers obtained the information by paying employees who worked in customer support roles for information on Coinbase’s systems.
Some of the personally identifiable information (PII) stolen from customers includes names, phone numbers, emails, partial Social Security numbers, banking data, government ID images, and account data. Coinbase says that no passwords or private keys were compromised, and none of the affected customers lost access to their cryptocurrency wallets.
The company publicly informed customers of the breach on May 15, via social media and a blog post.
“(The stolen data) allows them to conduct social engineering attacks where they can call our customers impersonating Coinbase customer support and try to trick them into sending their funds to the attackers,” said Brian Armstrong, Coinbase’s CEO, in a post on X (formerly Twitter).
Social engineering or “phishing” scams are particularly popular since they rely on manipulating people instead of defeating more advanced, technical security systems. Some of the most prominent recent cybersecurity attacks have begun as phishing scams, like the PowerSchool hack that exposed the PII of millions of students.
Coinbase did not provide exact figures on how many customers were affected by the data breach, but it claimed that the number was lower than 1% of its total customer count. It also promised to reimburse anyone who was targeted. The company said it expects to spend between $180 million and $400 million in reimbursements and remediation.
In a May 15 blog post, Coinbase stated that the attackers demanded a $20 million ransom in exchange for not distributing the stolen data. The company refused to pay and instead offered a $20 million reward for information that could lead to the attackers’ identification and arrest.
Coinbase also promised to establish further security measures and ensure customer transparency to prevent a similar incident in the future.