Coinbase CEO confirms data breach: Users targeted by rogue support agents

Coinbase has shared a security incident about cybercriminals bribing its overseas customer support agents to access user data. According to the company’s official statement, the breach affected less than 1% of monthly transacting users and did not expose passwords, private keys, or provide access to customer funds. The attackers attempted to extort Coinbase for $20 million to prevent the release of the stolen information. Instead, CEO Brian Armstrong announced that the exchange would establish a $20 million reward fund for information leading to the arrest and conviction of those responsible. Attackers target and compromise customer support The security breach happened when cybercriminals targeted Coinbase’s worldwide customer support activities. They offered agents cash bribes to reproduce information from customer support aids. According to the firm’s report , the attackers accessed several types of customer data, including names, addresses, phone numbers, and email addresses. They also accessed masked Social Security numbers (last four digits), masked bank account numbers, some bank account identifiers, government ID photos such as driver’s licenses and passports, snapshots of account balances, and transaction histories. https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0 — Brian Armstrong (@brian_armstrong) May 15, 2025 Apart from that, sanctioned corporate data was also utilized by the attackers. These include reports, training materials, and communications that were given to aid agents. However, Coinbase reiterated that the attack did not violate a number of fundamental information categories. Armstrong addressed the hackers, who attempted to blackmail Coinbase for a payment of $20 million in exchange for not releasing the stolen information in his video. “I’m going to respond publicly to these attackers by saying no, we are not going to pay your ransom.” Coinbase launches mitigation measures Coinbase issued a detailed report of the security incident. This encompasses short-term consumer protections and longer-term security enhancements. Coinbase pledged to “make customers whole” by reimbursing users that were deceived into sending funds to attackers in social engineering attacks via stolen credentials. Coinbase also announced it is opening a new support hub in the United States and implementing stronger security controls and monitoring across all locations. Armstrong specifically mentioned “relocating some of our customer support operations as a result of this” in his video statement. The company is also hardening defenses by increasing investment in insider-threat detection, automated response systems, and security simulations to identify potential vulnerabilities in internal systems. Coinbase confirmed that the compromised insiders “were fired on the spot and referred to U.S. and international law enforcement.” Coinbase issues guidelines to help users Coinbase has issued specific guidance to help customers protect themselves from potential social engineering attempts that may result from the data breach. The company warns users to be vigilant about imposters who may pose as Coinbase employees and attempt to pressure them into transferring funds. In its safety advisory, Coinbase emphasized several key points about their legitimate communication practices: “Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault or wallet. We will never call or text you to give you a new seed phrase or wallet address to move your funds to.” The company advises customers to hang up immediately if they receive such calls. The company has already sent impact notices to affected users and plans to keep the community updated as the investigation progresses. For those customers whose data was compromised, the primary risk comes from potential social engineering attacks where scammers leverage the stolen personal information to appear legitimate when contacting victims. In his video statement, CEO Brian Armstrong delivered a stern message to the attackers and others who might consider targeting the exchange in the future: “For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice.” KEY Difference Wire : the secret tool crypto projects use to get guaranteed media coverage

Source: Cryptopolitan