Coinbase has been confronted with a disturbing email demanding a $20 million ransom from a hacker who claims to have accessed sensitive user data.
The cryptocurrency exchange revealed that the email, sent on May 11, requested money in return for withholding information allegedly obtained from its employees.
“The password, private key, or funds have not been disclosed, and the Coinbase Prime account has not been mentioned,” the company stated.
In a press release, Coinbase mentioned that the stolen customer data could potentially facilitate social engineering attacks, with assertions that “cybercriminals fed and recruited” were involved as well as a “Rogue Overseas Support Agent.”
While Coinbase assured that the breaches impacted only a small percentage of customers—less than 1%—this could still represent over 1 million users, given their estimate of around 105 million users by 2024.
“Again, the password, private key, or funds have not been disclosed, and the Coinbase Prime account has not been addressed,” they noted, emphasizing their position. They promised to refund any customers who may have been tricked into sending money to the attackers.
Despite Coinbase’s efforts to reassure users, many were left feeling unsatisfied and uncertain about their personal information’s safety.
According to reports from Coinbase, hackers acquired usernames, addresses, phone numbers, and email addresses. They also claim to have stolen the last four digits of social security numbers, masked bank account details, and government ID images.
Dean Gefen, CEO of cybersecurity firm Nukudo, expressed concerns to Blaze News about the long-lasting impacts such breaches can have. “That kind of exposure is not merely a privacy issue. It can lead to phishing, identity theft, and long-term financial vulnerability. Most users might not feel the effects immediately, but if that data circulates or is mishandled, the repercussions can linger for years,” he said.
Gefen pointed out that cryptocurrency account holders are particularly at risk because they exist at the crossroads of finance and emerging tech. These sectors often evolve rapidly, leaving security measures struggling to keep pace.
“Companies managing sensitive financial information should take this as a wake-up call,” he remarked. “Such breaches are bound to happen if they lack the right personnel, training, and systems.”
When asked if this was just an inherent risk of operating at such a scale, Gefen stated, “Only if you view these obstacles as normal.”
He further questioned why society accepts such breaches in financial structures when they aren’t tolerated in other critical infrastructures, like nuclear facilities or defense systems.
Experts have warned that malicious actors from regions like China, North Korea, and Russia pose a significant threat, viewing crypto platforms as appealing, decentralized targets.
In response to the ransom demand, Coinbase plans to collaborate with “industry partners” and law enforcement to track down the hacker. Instead of paying the ransom, they will set up a $20 million reward fund for information leading to the arrest and conviction of the attacker.
Reportedly, the compromised insider was “dismissed on the spot” and the situation has drawn attention from U.S. and international law enforcement.
