Hackers bribed overseas Coinbase agents for customer information. How to protect yourself.
A data breach affecting Coinbase, the world’s largest cryptocurrency exchange, has left some customers’ data vulnerable.
The U.S. Department of Justice reportedly launched a probe into the attack. Cyber criminals bribed a group of “rogue” overseas support agents to facilitate the breach, according to the company.
The company said it received an email from an unknown actor on May 11 who claimed to have access to some internal documents and information about certain customer accounts. Coinbase refused to pay their ransom demand of $20 million and is instead offering a $20 million reward for information about the hackers.
"We have notified and are working with the DOJ and other U.S. and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors," Coinbase’s Chief Legal Officer Paul Grewal told Reuters.
Coinbase said the hackers did not gain access to login credentials or passwords, but they did steal other customer data. The company said it will install extra safeguards and reimburse customers who were tricked into sending money to the attackers. In addition, it is opening a new support hub in the U.S.
The company’s share prices took a dive when Coinbase forecast a hit of $180 million to $400 million after the attack.
If you are one of the millions of American Coinbase customers, here’s what to know about the breach and how to protect yourself:
What did the Coinbase hackers get?
According to the crypto exchange, the attackers gained access to the following information from a subset of its customers in the breach:
- Name, address, phone, and email
- Last four digits of their social security numbers
- Masked bank-account numbers and some bank account identifiers
- Government-ID images
- Account data, such as balance snapshots and transaction history
Coinbase said the attackers do not have access to:
- Login credentials or two factor authentication codes
- Private keys
- Any ability to move or access customer funds
- Coinbase Prime accounts
- Any Coinbase or Coinbase customer hot or cold wallets
How can Coinbase customers protect themselves after the breach?
The company said it sent out an email notifying affected customers on May 15 and will reimburse those who mistakenly sent funds to a scammer as a direct result of the breach prior to that day after a review of the incident.
Coinbase customers should be on high alert for scammers trying to retrieve more information or money after the breach.
“Expect imposters. Scammers—related to this incident or not—may pose as Coinbase employees and try to pressure you into moving your funds,” Coinbase said in a statement. “We will never call or text you to give you a new seed phrase or wallet address to move your funds to. If you receive this call, hang up the phone.”
In addition, the company recommends turning on withdrawal allow-listing, which only permits transfers to wallets you are confident you fully control. It also suggests enabling strong two factor authentication. If something feels off, Coinbase advises you lock your account and email security@coinbase.com.
Are other crypto exchanges at risk
While this breach did not affect other crypto exchanges, they have also been subject to cyber attacks and cryptocurrency customers are generally common targets for scammers.
Funds stolen by hacking crypto platforms increased 21% and totaled $2.2 billion in 2024, a Chainalysis report found.
Other crypto exchange platforms including Robinhood and Cash App have fallen victim in the past to cyberattacks that exposed millions of users’ data.
While the industry has become more mainstream over the years, Coinbase acknowledged that widespread adoption of cryptocurrency will depend on trust.
Contributing: Reuters
Reach Rachel Barber at rbarber@usatoday.com and follow her on X @rachelbarber_