Coinbase Global’s shares fell more than 7% on Thursday after the crypto exchange said a cyberattack that breached customer account data could cost the company up to $400 million.
The stolen account data – which affected a “small subset of customers” – included names, addresses, phone numbers, emails and government ID images. Passwords and private keys were not compromised, the company said in a regulatory filing on Thursday.
COINBASE INVESTS $25M IN 2026 MIDTERM ELECTIONS WITH COMMITMENT TO PRO-CRYPTO SUPER PAC
The online platform, which has more than $328 billion in assets, received an email on May 11 from an unknown threat actor claiming to have customer account information as well as internal documents. The cybercriminals demanded a $20 million ransom in exchange for not sharing the information publicly, the filing noted.
The hackers paid multiple contractors and employees working in support roles outside the U.S. to obtain the information. Coinbase fired those involved and referred them to law enforcement, according to the company.
COINBASE DUNKS ON TRADITIONAL PAYMENT METHODS IN $15M NBA AD SPEND
“Cybercriminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” Coinbase wrote in a blog post on Thursday. “These insiders abused their access to customer support systems to steal the account data for a small subset of customers.”
The crypto exchange has not paid the hackers and will reimburse customers that were tricked into sending them funds. Coinbase has estimated expenses related to remediation costs and customer reimbursements to range between $180 million and $400 million, according to the filing.
COINBASE SUES SEC, FDIC FOR INFORMATION RELATING TO CRYPTO REGULATION
“We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received,” Coinbase said.
Additionally, Coinbase is offering a $20 million reward for information leading to the arrest and conviction of those responsible for the attack. It is also hardening defenses and opening a new support hub in the U.S., according to the company.
The announcement of the cyberattack comes as the U.S. Securities and Exchange Commission has started investigating whether Coinbase has misstated its number of users, according to Reuters.
CLICK TO GET THE FOX NEWS APP
Coinbase and the SEC did not immediately respond to FOX Business’ request for comment.
Read the full article here
