Cryptocurrency platform Coinbase has announced that it has been the victim of a hack. Although the financial impact of $400 million (€357 million) is not the largest in the crypto world, the impact is far-reaching. The incident comes three days after Coinbase was added to the S&P 500 stock index. Malicious actors had accessed customer data since January by bribing employees.
Coinbase manages the lion’s share of the $122 billion in tokens owned by spot Bitcoin ETFs. Therefore, the hack has a symbolic significance greater than the $400 million suggests. Although the company emphasizes that the Coinbase Prime service was unaffected, hackers accessed valuable customer data for months.
Bribery and data theft
The attack method was remarkably effective. Customer representatives were bribed to steal customer data, after which the hackers demanded $20 million in ransom to delete the data. Coinbase noticed unusual activity among some employees as early as January, but the full extent of the data breach only became clear later.
The stolen information includes names, dates of birth, addresses, nationalities, ID numbers, bank details, and account creation and balance details. This data could be used to impersonate Coinbase and trick customers into providing access to their accounts. There is also a risk that criminals could pose as victims to other service providers to gain access to other financial accounts.
No ransom, but a reward
Coinbase said less than 1 percent of monthly active users were affected. The company has decided not to pay the ransom. Instead, Coinbase is offering a $20 million reward to anyone who can provide information leading to the arrest and conviction of the attackers.
The incident at Coinbase illustrates the crypto industry’s continued vulnerability to hacks and data breaches. According to research firm Chainalysis, approximately $2.2 billion has already been lost to such incidents in 2024. Social engineering attacks, in which criminals manipulate people to gain unauthorized access to data rather than exploiting security vulnerabilities in computer code, are becoming increasingly popular in the crypto world.
The news of the hack, combined with reports of an ongoing SEC investigation into how Coinbase reported its user numbers, caused the stock to fall more than 7 percent on Thursday.
Tip: Coinbase raises $300 million to accelerate global expansion