Coinbase, the third-largest cryptocurrency exchange globally, has revealed it was the target of a $20 million extortion attempt following a calculated breach involving bribed overseas customer support agents. In a blog post published on May 15, the company said the attackers coordinated with external support contractors to gain unauthorized access to internal systems.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase stated. The breach reportedly did not compromise user passwords, private keys, funds, or accounts on Coinbase Prime.
Less Than 1% of User Data Impacted
The attack affected less than 1% of Coinbase’s monthly transacting users. Once the perpetrators obtained the data, they demanded $20 million in Bitcoin in exchange for not disclosing the breach. Coinbase refused to meet the demand.
Instead, the exchange is offering a $20 million reward for any information that could lead to the arrest and conviction of those involved in the scheme.
Coinbase Most Impersonated Brand in Crypto
This latest incident underscores a growing trend in social engineering and phishing schemes targeting cryptocurrency users. In 2024, Coinbase became the most impersonated crypto brand, according to internal reports. Scammers often exploit brand trust to deceive victims into surrendering sensitive information or funds.
In a U.S. Securities and Exchange Commission (SEC) 8-K filing, Coinbase disclosed that it expects to spend between $180 million and $400 million in “voluntary customer reimbursements” and remediation efforts. The exchange has committed to reimbursing users who were tricked into sending crypto to phishing addresses.
Internal Reforms and Security Enhancements Underway
Coinbase CEO and co-founder Brian Armstrong confirmed in a May 15 post on X that the attackers had been approaching customer support contractors overseas for months, offering bribes in exchange for internal access. In response, the exchange plans to enhance its data security protocols and shift portions of its customer support operations to prevent future insider threats.
Phishing remains a serious concern across the crypto industry. Blockchain security analyst ZachXBT estimated that phishing scams cost users approximately $45 million in the week leading up to May 7 alone. As such schemes grow more sophisticated, exchanges like Coinbase are facing increasing pressure to fortify defenses and protect customer assets.
