Shares of Coinbase Global experienced a decline of over 7% on Thursday following the announcement of a cyberattack that compromised customer account information, potentially costing the company as much as $400 million.
The breach, which affected a “small subset of customers,” involved the unauthorized access of names, addresses, phone numbers, email addresses, and images of government identification. However, the company confirmed that passwords and private keys remained secure, as detailed in a regulatory filing made on Thursday.
COINBASE INVESTS $25M IN 2026 MIDTERM ELECTIONS WITH COMMITMENT TO PRO-CRYPTO SUPER PAC
Coinbase, boasting over $328 billion in assets, revealed that on May 11, it received an email from an unidentified hacker claiming possession of customer account information and internal documents. The perpetrators reportedly demanded a ransom of $20 million to refrain from releasing the data publicly, as noted in the filing.
According to the company, the hackers utilized various contractors and employees in support roles outside the United States to gain access to the information. Coinbase stated that those involved in the breach have been terminated and reported to law enforcement authorities.
COINBASE DUNKS ON TRADITIONAL PAYMENT METHODS IN $15M NBA AD SPEND
Coinbase detailed in a blog post that “Cybercriminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks.” The company added that these insiders took advantage of their access to customer support systems to extract sensitive account data affecting a limited number of customers.
The crypto exchange has refrained from meeting the hackers’ demands and plans to reimburse customers who were manipulated into sending funds. Coinbase has projected that costs associated with remediation and customer reimbursements could fall between $180 million and $400 million, as stated in the regulatory filing.
COINBASE SUES SEC, FDIC FOR INFORMATION RELATING TO CRYPTO REGULATION
Coinbase emphasized its cooperation with law enforcement to pursue maximum penalties against the attackers, asserting it will not consent to the $20 million ransom.
In response to the attack, Coinbase is also offering a $20 million reward for information that leads to the arrest and conviction of those responsible. Additionally, the company is reinforcing its security protocols and establishing a new support facility in the United States.
The revelation of this cyber incident coincides with an ongoing investigation by the U.S. Securities and Exchange Commission into allegations that Coinbase may have misrepresented the number of its users, according to a report by Reuters.
CLICK TO GET THE Finance Newso NEWS APP
Neither Coinbase nor the SEC have provided immediate comments in response to requests from Finance Newso Business.
