DOJ Initiates Investigation into Coinbase’s Leak of Insider Information

The investigation into the recent breach of customer data at Coinbase is being conducted by the US Department of Justice (DOJ), as reported on May 19 by Bloomberg News, which cited a source knowledgeable about the situation.

Paul Grewal, the chief legal officer at Coinbase, has confirmed that the company is collaborating with federal law enforcement agencies and is prepared to take legal action against those who are accountable.

Grewal further stated that Coinbase is also engaging with various US and international law enforcement bodies.

A representative for the exchange chose not to provide additional comments regarding the situation.

Internal breach and extortion

In a statement released on May 15, Coinbase revealed that attackers had bribed contractors and employees in India, who had privileged access to the company’s internal support systems.

The breach impacted under 1% of its monthly active users, leading to the compromise of names, contact information, identity documents, and partially obscured financial details. However, critical infrastructure, including private keys, authentication credentials, and cold storage wallets, was not affected.

Despite this, the internal data exposure enabled the attackers to impersonate Coinbase staff, leading to social engineering scams targeting customer accounts.

According to Coinbase CEO Brian Armstrong, the attackers demanded a ransom of $20 million in Bitcoin. The company opted not to pay this ransom and instead declared it would create a $20 million reward fund for information that would help identify and prosecute the individuals involved.

Potential remediation costs of up to $400 million

Coinbase recently filed a Form 8-K with the US Securities and Exchange Commission (SEC), stating that it is still evaluating the total financial impact of the breach.

Initial estimates suggest that remediation costs and user reimbursements could range from $180 million to $400 million. The company has committed to compensating all users affected by the breach and will terminate the employment of individuals involved.

Security expert ZachXBT has been tracking phishing and social engineering tactics aimed at Coinbase users, linking over $300 million in annualized losses to similar schemes targeting the platform’s customers.

These incidents often employed impersonation strategies, successfully extracting seed phrases through sophisticated deception tactics.

The DOJ investigation represents a significant enhancement in the response to what has become one of the most financially damaging insider breaches within the cryptocurrency industry.