Cryptocurrency exchange Coinbase has warned that it may face losses of up to $400 million after a major cyberattack.
The company revealed the breach affected a small subset of customer accounts, exposing names, addresses, and emails — though passwords were not compromised.
The attackers reportedly bribed contractors and support staff outside the U.S. to gain internal data. Coinbase said it has fired those involved and will reimburse customers who were tricked into sending funds to the hackers.
The company said it received a ransom demand of $20 million, which it refused to pay. Instead, Coinbase has offered a $20 million reward for any information that could lead to identifying the attackers.
This incident comes just days before Coinbase is expected to join the S&P 500 index, a major milestone for the crypto industry. But the breach now raises new security and reputational concerns.
In addition to the hack, the U.S. Securities and Exchange Commission (SEC) is reportedly reviewing whether Coinbase misrepresented its number of verified users. However, Coinbase denies the SEC is investigating its compliance practices under the Bank Secrecy Act.
Despite recent advancements in crypto, security threats continue to plague the industry. According to Chainalysis, $2.2 billion was stolen in crypto hacks in 2024 alone.
Coinbase says it is working with law enforcement, strengthening internal safeguards, and plans to open a new support hub in the U.S. to prevent future attacks.
Leave a comment