Coinbase is the largest cryptocurrency exchange in the United States. The coinbase recently revealed that criminals stole personal data from some users. The attackers then tried to extort Coinbase for $20 million. Instead of paying, Coinbase offered a $20 million reward for help in finding and arresting those responsible.
According to a filing submitted to the U.S. Securities and Exchange Commission (SEC) on Wednesday night, Coinbase received an extortion email on Sunday. The email came from a group of cybercriminals who had gained access to sensitive user information, including names, addresses, phone numbers, government-issued IDs, transaction histories, and the last four digits of Social Security numbers.
Coinbase revealed that the data was leaked by overseas contractors and support staff who were paid by the attackers to hand over the information.
Cybercriminals often target cryptocurrency exchanges like Coinbase. This is because digital currencies like Bitcoin are decentralized and hard to recover if stolen. So far, Coinbase had mostly avoided major cyberattacks.
The company did not share the exact number of affected users. However, CEO Brian Armstrong said in a video that less than 1% of monthly active users were impacted.
The company did not share the exact number of affected users. However, CEO Brian Armstrong said in a video that less than 1% of monthly active users were impacted.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
Armstrong also mentioned that scammers used the stolen information to pose as Coinbase customer support agents, tricking some users into handing over their funds. Coinbase confirmed that users who lost money in this way would be reimbursed.
The exact amount stolen from users remains unknown. However, the SEC filing stated that Coinbase expects total losses from reimbursements and recovery to range between $180 million and $400 million.
On Thursday morning, Coinbase emailed the affected users, assuring them that it would never ask for login details or call them to transfer assets. The message also apologized for the stress and trouble the incident may have caused.
Armstrong made it clear that Coinbase is fully committed to finding and prosecuting those responsible. “To the criminals behind this, know that we will hold you accountable,” he said.
