Coinbase Hit by Cyber Attack: Customer Data Stolen, $20 Million Extortion Refused

Coinbase, one of the world’s biggest cryptocurrency platforms, has revealed a major cyber attack that compromised internal systems and exposed customer data. The incident could cost the company between $180 million and $400 million.

In a bold move, Coinbase said it refused to pay a $20 million ransom demanded by the attackers and is now working with law enforcement to track them down.

According to the company, the breach began when cybercriminals bribed overseas support contractors to steal internal data. The hack affected less than 1% of monthly users but exposed sensitive information like names, addresses, phone numbers, masked Social Security numbers, bank details, and even images of government IDs.

However, Coinbase stressed that no passwords, two-factor authentication codes, private keys, or customer funds were accessed.

“Instead of paying criminals, we chose to investigate, strengthen our systems, and take care of our users,” Coinbase said in a statement. The company promised to reimburse customers who were scammed during the attack.

Coinbase traced the breach to customer support workers based outside the U.S., whose suspicious activity had already raised red flags in the past. Those employees were fired immediately after the breach was discovered.

To prevent future attacks, Coinbase is launching a new customer support center in the U.S., tightening security around high-risk transactions, and boosting its insider threat detection tools.

The company also announced a $20 million reward for any information that leads to the arrest and conviction of the attackers.

“Crypto adoption depends on trust,” Coinbase said. “We’re committed to protecting our customers and making the crypto economy safer for everyone.”

Following the news, Coinbase shares dropped around 2.8% in premarket trading.