Coinbase Refuses to Pay Ransom and Launches Hunt for Hackers
Date: 2025-05-16 Author: Gabriel Deangelo Categories: BUSINESS
Coinbase officially announced the hack, as a result of which the attackers gained access to the data of a limited number of users. The incident occurred due to the bribery of support employees located outside the United States. The hackers received information about less than 1% of customers - in particular, names, addresses, and emails. At the same time, passwords, private keys, and assets remained safe.
According to company representatives, it all started on May 11 with an anonymous letter in which the author claimed to have confidential information about Coinbase customers and demanded $20 million for silence. The exchange refused to comply with the demands and turned to law enforcement agencies. In exchange, it was decided to create a prize fund in the amount of the ransom - $20 million will be received by anyone who helps catch the criminals.
The Coinbase blog reports that the damage was minimized thanks to the prompt actions of the security team. All affected users who succumbed to social engineering schemes and sent funds to scammers will receive compensation. It is specified that Coinbase Prime customers were not affected.
The company is also strengthening the security of the infrastructure. Among the new measures are mandatory checks for large withdrawals of funds for suspicious accounts, the launch of a new support center in the United States, expanded monitoring of employee activities, and investments in technology to identify internal threats. Contractors and employees involved in the transfer of information were fired and handed over to the investigation.
Wintermute CEO Evgeny Gaevoy sharply criticized the situation, calling it a consequence of an overly strict KYC/AML regime. In his opinion, such rules create convenience for the authorities, but put privacy at risk and weaken user protection.
Meanwhile, the SEC report from May 15 indicated that the total costs of resolving the incident could be between $180 million and $400 million. This includes both compensation and costs for updating security systems.
Coinbase also reminded that its employees never call customers with requests to transfer funds or provide 2FA codes. Earlier, in March, users had already complained about phishing emails from scammers posing as representatives of the platform.
Analyst ZachXBT reported that in the first week of May alone, victims of attacks on Coinbase users lost $45 million - all this is the result of well-organized social engineering schemes.
