Coinbase Data Breach: Hackers Steal IDs and Demand $20M – Ankor Tech

Crypto exchange giant Coinbase has officially confirmed a significant security breach involving the theft of sensitive customer data, including government-issued identity documents. The incident, disclosed this week in a regulatory filing, stems from a targeted extortion attempt where hackers demanded $20 million to prevent the public release of the exfiltrated information.

How the Breach Occurred

Coinbase revealed that the unauthorized access was obtained by corrupting insiders rather than through a direct technical exploit. The attackers bribed multiple contractors and support staff located outside the United States to harvest data from internal systems. These individuals, who had legitimate access to internal tools for their professional duties, have since been terminated from their roles.

The company stated that it detected the malicious activity over the past few months and has been proactively notifying customers whose information was compromised to mitigate the risk of identity theft or fraudulent activity.

The Scope of Stolen Data

The volume of compromised data is extensive. According to official disclosures, the hackers obtained:

  • Full names, postal addresses, and email addresses.
  • Phone numbers and the last four digits of Social Security numbers.
  • Masked bank account numbers and banking identifiers.
  • Government-issued identity documents, including passports and driver’s licenses.
  • Detailed account balances and transaction histories.

Beyond customer information, the breach also exposed internal corporate documentation. Despite the severity of the theft, a company spokesperson, Natasha LaBranche, clarified that the number of affected users represents less than 1% of the exchange’s 9.7 million monthly active customers, based on data from the latest annual report.

Refusing the Ransom

Coinbase has taken a firm stance against the extortionists. CEO Brian Armstrong confirmed via a social media post that the company will not pay the $20 million ransom demand.

The financial impact of the incident is expected to be substantial. The exchange estimates that remediation costs, including security upgrades and customer reimbursements, will range between $180 million and $400 million.

Future Security Measures

In response to the incident, Coinbase has detailed plans to bolster its security infrastructure in a recent blog post. The company is actively shifting its operational strategy by establishing a new support hub based in the United States to exert tighter control over system access and data handling protocols.