Coinbase Refuses $20 Million Ransom Demand Over Stolen Data by Rogue Employees

Coinbase says cybercriminals bribed a small group of overseas support contractors to pull customer data from internal tools, hitting “less than 1 %” of its monthly active users.

The exchange said the breach did not expose any passwords, private keys, or funds, and that Coinbase Prime accounts remained untouched.

Coinbase Attackers Demanded $20 Million Ransom

The attackers demanded a $20 million payment to keep the incident quiet. However, Coinbase said in a blog post that it refused and redirected the sum into a $20 million reward fund for information leading to their arrest and conviction.

“We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack,” Coinbase said.

The exchange also stated that it expects to incur costs ranging from $180 million to $400 million as a result of the incident.

“The Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this Incident, prior to further review of potential losses, indemnification claims, and potential recoveries,” Coinbase added.

Stolen records include names, addresses, phone numbers, masked Social Security digits, partial bank details, and account snapshots.

“Their [attackers] aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto,” the exchange explained.

The company vowed to make victims “whole” if follow-up social-engineering scams lured them. New withdrawal friction, extra ID checks, and real-time scam prompts are already live on flagged accounts.

Preventive measures include a new US support hub, stronger insider-threat detection, and nonstop red-team simulations. Coinbase has referred the fired insiders to the US and international law enforcement agencies. The exchange will also be working with blockchain analytics firms to tag the attackers’ addresses and freeze stolen funds.

It appears scammers have been targeting Coinbase’s users for some time now. BeInCrypto reported that Coinbase users lost $46 million to social engineering scams in March.

Moreover, the news comes just days before the exchange is set to join the S&P 500 index. Coinbase would become the first cryptocurrency-focused company to be included in the S&P 500.