Coinbase, one of the world’s largest cryptocurrency exchanges, has disclosed a major security breach that compromised account data for a small subset of its customers. The company estimates the financial impact of the attack to be between $180 million and $400 million, causing its stock to drop nearly 3% on Thursday.
Details of the Cyberattack
The breach, which Coinbase described as an extortion attempt, was reportedly orchestrated by cybercriminals who bribed overseas support contractors to gain access to internal systems. The attackers obtained customer names, addresses, phone numbers, masked Social Security numbers, bank account details, and government ID images. However, Coinbase confirmed that passwords, private keys, and customer funds were not compromised.
The company received a $20 million ransom demand from the attackers but refused to pay. Instead, Coinbase has launched a $20 million reward fund for information leading to the arrest and conviction of those responsible.
Response and Security Measures
Coinbase has taken immediate action, including:
- Terminating the contractors involved in the breach.
- Opening a new U.S.-based support hub to strengthen security.
- Enhancing fraud-monitoring protections and insider-threat detection.
- Reimbursing affected customers who lost funds due to scams linked to the breach.
Industry Impact and Future Outlook
The incident highlights ongoing security challenges in the crypto industry, which has faced multiple high-profile cyberattacks in recent years. Coinbase’s response underscores the importance of robust security measures and employee vetting to prevent insider threats.
As the company works with law enforcement to track down the perpetrators, the breach serves as a stark reminder of the risks associated with digital finance and the need for continuous security improvements in the sector.