Cryptocurrency exchange faces up to $400 million in costs after hackers accessed sensitive data through bribed overseas contractors

Coinbase, the prominent cryptocurrency exchange, disclosed a significant data breach wherein hackers accessed sensitive customer information by bribing third-party contractors.

The breach, which came to light this week, involved the theft of personal data, including names, contact details, partial Social Security numbers, and government-issued IDs.

In a filing with the U.S. Securities and Exchange Commission (SEC), Coinbase revealed that the attackers obtained this information by paying multiple contractors or employees in support roles outside the United States to collect data from internal systems.

These individuals have since been terminated. The company detected the malicious activity in recent months and has notified affected customers to prevent misuse of the compromised information.

The stolen data encompasses customer names, postal and email addresses, phone numbers, the last four digits of Social Security numbers, masked bank account numbers, and some banking identifiers.

Additionally, government-issued identity documents, such as driver’s licenses and passports, along with account balance data and transaction histories, were compromised. Some corporate data, including internal documentation, was also accessed during the breach.

The hackers demanded a $20 million ransom from Coinbase in exchange for not publishing the stolen data.

However, the company has stated it will not pay the ransom. Instead, Coinbase has offered a $20 million bounty for information leading to the arrest of those responsible for the breach.

Coinbase estimates that the breach will result in costs ranging from $180 million to $400 million, covering incident remediation and customer reimbursements.

The company has announced plans to open a new U.S.-based support hub and strengthen its security defenses to prevent future incidents.

According to Coinbase spokesperson Natasha LaBranche, less than 1% of the company’s 9.7 million monthly customers were affected by the breach.

The company continues to work with law enforcement and cybersecurity experts to investigate the incident and enhance its security measures.