Coinbase says staff leaked customer data, refuses to pay $20M ransom

Coinbase has revealed that cybercriminals tried to blackmail the exchange for $20 million in bitcoin (BTC) after bribing rogue customer support agents to steal customer data.
According to the company’s CEO, Brian Armstrong, a ransom note sent to the exchange threatened to release this data, which could be used to carry out social engineering scams.
Coinbase said, “Their aim was to gather a customer list they could contact while pretending to be Coinbase — tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up. We said no.”
The exchange claims it’s now “cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received.”
Instead, Coinbase countered the attempted blackmail by announcing a similarly priced bounty for anyone with information that may lead to the arrest of the alleged attackers. Coinbase confirmed that it’s reimbursing any scammed customers and submitted an 8-K filing today that revealed the final cost may range between $180 million and $400 million.
The rogue agents involved are said to have leaked the data of less than 1% of Coinbase’s monthly transaction customers. The leaked personal data includes government ID images, transaction history, names, and details of bank accounts and social security numbers.
However, Coinbase claims they weren’t able to get private keys, login credentials, access to accounts or wallets, or any ability to move customer funds themselves.
Coinbase has a social engineering problem
This isn’t the exchange’s first run-in with social engineering attacks. Crypto sleuth ZachXBT claims the issue is rampant and estimates that Coinbase users are losing $300 million a year to such scams.
Indeed, in the first week of May, ZachXBT claimed that Coinbase users have lost $45 million through Coinbase-focused social engineering scams.
He said, “Over the past few months, I have reported on nine figures stolen from Coinbase users via similar social engineering scams. Interestingly, no other major exchange has the same problem.”
MetaMask security researcher Taylor Monahan claimed that “kids” are stealing roughly $50 million every weekend by taking over Coinbase accounts.
She critiqued its introduction of a messaging platform available through the Coinbase wallet, and said it will give “scammers a direct, encrypted line to all their wallet users. Incredible.”
Protos has contacted Coinbase for comment and will update if we receive a response.