Coinbase holds firm against $20 million Bitcoin ransom request following insider data breach

Coinbase has disclosed a data breach impacting a small fraction of its monthly active users, as stated on May 15.

In the wake of the incident, CEO Brian Armstrong reported that the hackers sought to extort $20 million in Bitcoin from the platform.

Details of the Breach

As per the exchange’s findings, the attackers managed to manipulate and bribe support agents located overseas who had access to its internal systems.

These insiders provided confidential information, enabling the perpetrators to impersonate Coinbase personnel and execute social engineering scams.

The compromised information encompassed names, contact information, identity documents, alongside masked banking and social security details.

Nonetheless, Coinbase emphasized that users’ login credentials, private keys, and critical infrastructure—such as Prime wallets—remained unaffected and secure.

The exchange has dismissed the implicated insiders and plans to take legal measures against them, while also collaborating with law enforcement to investigate the security breach.

Coinbase has also announced intentions to compensate the users affected by this incident.

The attackers previously attempted to extort $20 million from Coinbase, but the firm refuted their demand, declaring:

“We will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”

Connection to ZachXBT

Although Coinbase has not verified any direct associations, blockchain investigator ZachXBT remarked that the breach corresponds with prior social engineering attacks he has documented.

In reaction to the Coinbase disclosure, ZachXBT stated:

“Indeed there’s a lot of Coinbase user thefts I posted tied to the group.”

In recent months, ZachXBT has reported that Coinbase users have lost hundreds of millions due to complex phishing and impersonation schemes, estimating these scams cost the platform’s users over $300 million annually.

Conversely, Wintermute CEO Evgeny Gaevoy argued that existing strict regulatory measures have facilitated the prevalence of such attacks.

He commented:

“This is the dark side of the idiotic and nonsensical kyc/aml regime we live in. Making life marginally convenient for law enforcement and geopolitical games, while sacrificing our privacy, imposing a massive tax on pretty much all businesses, and making it easier for criminals to rob, kidnap and do crime.”