San Francisco: Leading U.S. cryptocurrency exchange Coinbase has warned of a potential $180 million(₹1,500 crore) to $400 million(₹3,300 crore) loss due to a recent cyberattack that compromised account data of some users. The breach, involving the bribery of overseas support staff, comes just days before Coinbase is set to join the S&P 500 index. As a result, it casts a shadow over a landmark achievement for the crypto industry.
Hackers Bribed Contractors, Demanded $20 Million (₹165 crore) Ransom
In a regulatory filing on Thursday, Coinbase cyberattack revealed that an unidentified threat actor contacted the company on May 11, claiming access to customer data and internal documents. While login credentials and passwords remained secure, personal information such as names, addresses, and emails was compromised.
Coinbase announced it would reimburse users after attackers tricked them into transferring funds. Meanwhile, the exchange revealed that hackers bribed non-U.S. contractors and support staff, and Coinbase has since fired all involved employees.
The attackers demanded a $20 million (₹165 crore) ransom, which Coinbase refused to pay. Instead, the company has offered a $20 million (₹165 crore) reward for information leading to their identification and arrest.
Also Read: Attention Startups! Showcase Your Smart Policing Solutions on India’s Biggest Stage
SEC Investigates Alleged Misreporting of User Data
Adding to its troubles, Coinbase is under ongoing scrutiny from the U.S. Securities and Exchange Commission (SEC) over whether it misrepresented user numbers in past disclosures. According to two sources, the SEC is focusing its inquiry on Coinbase’s “verified user” metric a data point the company stopped reporting two and a half years ago, Reuters reported.
Coinbase’s Chief Legal Officer Paul Grewal stated, “We strongly believe this investigation should not continue,” while asserting the company remains committed to cooperating with regulators.
A spokesperson denied that the SEC’s investigation relates to Coinbase’s KYC or Bank Secrecy Act compliance, despite earlier reports suggesting concern over compliance issues.
Crypto Security Woes Resurface Amid Industry Growth
This breach underscores the persistent security vulnerabilities facing the cryptocurrency industry, even as it gains mainstream traction. Analysts suggest the incident may push crypto platforms to tighten employee vetting and address reputational risks.
In 2024 alone, crypto hacks resulted in losses exceeding $2.2 billion(₹18,150 crore), per Chainalysis. Earlier this year, hackers carried out what many now call the largest crypto heist in history, stealing nearly $1.5 billion(₹12,375 crore) in digital tokens from Bybit.
Nick Jones, founder of crypto firm Zumo, remarked, “As our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks.”
Coinbase is now bolstering defenses by opening a new support hub in the U.S. and implementing additional security measures to safeguard against future attacks.
About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.