Coinbase reported that cybercriminals bribed a small group of overseas support contractors to access customer data from internal systems, affecting less than 1% of its monthly active users. The breach did not expose passwords, private keys, or funds, and Coinbase Prime accounts were not impacted.

The attackers demanded a $20 million ransom to keep the breach confidential. Coinbase refused and instead redirected the amount to a $20 million reward fund for information leading to the apprehension and conviction of the culprits. Stolen data included personal information such as names, addresses, phone numbers, and partial bank details. Coinbase pledged to compensate customers who fell victim to subsequent social-engineering scams.

To enhance security, Coinbase has implemented additional measures including increased withdrawal verification, enhanced ID checks, and real-time scam alerts for flagged accounts. The breach was initiated when insiders accessed lists of high-balance accounts and hackers impersonated Coinbase staff in phishing attempts. Prompt detection by security teams led to the lockdown of access and the launch of a criminal investigation. The company assured that its infrastructure and wallets were not compromised.

Coinbase has introduced new security protocols, enhanced insider-threat monitoring, and continuous red-team exercises to prevent future breaches. Dismissed employees involved in the breach have been reported to law enforcement. Coinbase is collaborating with blockchain analytics companies to identify the attackers' addresses and freeze stolen funds on compliant platforms.