Coinbase faces $400M bill after insider phishing attack
Coinbase, the world’s third-largest cryptocurrency exchange, was hit by a $20 million extortion attempt after cybercriminals recruited overseas support agents to leak user data, the company said.
According to a May 15 blog post, Coinbase said a group of external actors bribed and coordinated with several customer support contractors to access internal systems and steal limited user account data.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers,” Coinbase said, adding that no passwords, private keys, funds or Coinbase Prime accounts were affected.
Less than 1% of Coinbase’s monthly transacting users’ data was affected by the attack, the company said.
After stealing the data, the attackers attempted to extort $20 million worth of Bitcoin (BTC) from Coinbase in exchange for not disclosing the breach. Coinbase refused the demand.
Instead, the company offered a $20 million reward for information leading to the arrest and conviction of those responsible for the scheme.
Scammers often masquerade as recognizable brands to inspire a false sense of trust in their victims.
[Figure: US brands impersonated by scammers the most. Source: Mailsuite]
In 2024, Coinbase was the most impersonated cryptocurrency brand by scammers.
Coinbase will reimburse phishing attack victims
Coinbase said it will reimburse users who were tricked into sending cryptocurrency to phishing scammers, with expected remediation and reimbursement expenses ranging from $180 million to $400 million.
The crypto exchange disclosed the estimate in an 8-K filing with the US Securities and Exchange Commission on May 15, noting the expenses relate to “voluntary customer reimbursements” and other remediation efforts.
The attackers had been approaching the exchange’s overseas customer support agents for months, aiming to “bribe” them in exchange for customer information, Coinbase co-founder and CEO Brian Armstrong said in a May 15 X post.
Following the attack, the exchange will strengthen its internal data management processes and relocate some of its customer support operations to avoid similar incidents.
Social engineering schemes are a growing concern for Coinbase users. Blockchain security analyst ZachXBT estimated that users lost around $45 million to phishing schemes in the week leading up to May 7.
The blockchain security analyst previously claimed that social engineering scams cost Coinbase users over $300 million annually, Cointelegraph reported on Feb. 4.
Original source: Cointelegraph