Hackers Breach World's Largest Crypto Exchange, Demand $20 Million Ransom

Coinbase, the largest cryptocurrency exchange in the United States, announced on Thursday that hackers managed to breach its systems by bribing offshore customer service contractors to gain access to sensitive customer information. The attackers are demanding a $20 million ransom in what has become one of the most serious cybersecurity breaches to hit a digital asset trading platform.

The San Francisco-based company said it does not intend to pay the ransom. Initial regulatory filings estimate the potential damage could range between $180 million and $400 million, primarily from reimbursements and compensation to affected users.

According to the company, the perpetrators offered cash bribes to customer support agents in exchange for internal data. The stolen information includes customer names, addresses, account details, and images of government-issued IDs. The hackers allegedly intended to use this data for impersonation schemes, convincing users to unknowingly transfer their crypto holdings to the attackers—while simultaneously blackmailing Coinbase.

How the Breach Unfolded

The attack was first reported on May 11, when an anonymous threat actor emailed Coinbase claiming possession of internal company documents and customer data. The hacker demanded $20 million in Bitcoin in exchange for not leaking the stolen materials.

The company revealed that, in the months prior to the email, several support agents had accessed sensitive systems without legitimate business reasons. These individuals were swiftly terminated, and Coinbase began alerting potentially affected customers. After reviewing the email, the company concluded that the employees were likely part of a coordinated scheme orchestrated by external hackers.

Though fewer than 1% of Coinbase’s active monthly users were impacted, the company has committed to full compensation for any financial losses. Coinbase is also offering a $20 million reward for information leading to the identification and conviction of those responsible.

Crypto’s Persistent Security Woes

Cyberattacks have long plagued the cryptocurrency industry, which is heavily reliant on digital platforms and decentralized user control. According to research firm Chainalysis, over $2.2 billion was stolen through similar attacks in 2024 alone.

The hackers in this case used social engineering, a method of manipulating individuals to gain unauthorized access, rather than exploiting software vulnerabilities. Social engineering tactics are increasingly common in crypto-related attacks and were also behind the $1.5 billion breach of Bybit in February.

In parallel, The New York Times reported that Coinbase is under investigation by the U.S. Securities and Exchange Commission (SEC) over allegations that it inflated its reported user numbers. The probe centers around a figure claiming the exchange had over 100 million users, which appeared in its 2021 IPO prospectus and marketing materials. The company quietly stopped reporting that number in 2023.

Coinbase shares fell 7.2% on Thursday, just days before the company is expected to join the S&P 500 index. Despite the timing, executives maintain that security improvements are underway and that confidence will be restored.