Cryptocurrencies

Coinbase hit by hacker attack, 400 million reputational risk

The company refused to pay a $20 million ransom and assured that only one per cent of customers were stacked in the hack

by R.Fi.

16 May 2025

REUTERS/Dado Ruvic/Illustration/File Photo/File Photo

3' min read

Key points

The history of Coinbase
Hacker attack
Hacking victims
System Vulnerability
Sec investigation into the numbers

3' min read

New cyber attack on a cryptocurrency platform. Of course, in the long list of crypto companies that have fallen victim to cyber attacks, there have been cases with financial losses far worse than those suffered by Coinbase Global, but still, the figure is not insignificant. The company estimates an economic impact of around 400 million dollars, but the most relevant thing is that the victim is probably the most influential company in the crypto sector in the United States. That is to say: the hackers have reached their peak.

The History of Coinbase

Coinbase pioneered the integration of cryptocurrencies into the mainstream financial system, becoming the first listed crypto exchange platform. It holds the majority of the $122 billion in tokens held by spot ETFs on Bitcoin and played a key role in the crypto industry's recent lobbying campaign to support pro-regulatory candidates in the sector.

The hacker attack

The revelation of the attack comes just three days after Coinbase's inclusion in the S&P 500 index, a historic milestone that opens the door for its shares to be included in pension funds and benchmark-linked investment products. However, news of the cyber attack, coupled with rumours of an ongoing investigation by the Securities and Exchange Commission (Sec) into the disclosure of the number of users, caused the stock to plummet more than 7.2% to 244.44. But the first few beats of today's session seem to herald a timid recovery.

According to sources close to the matter, the attack had granted hackers near-constant access to sensitive data of high-value customers since January. Coinbase stated, however, that the Coinbase Prime service, used by ETFs and institutional investors, had not been compromised.

The method used by the hackers is as simple as it is disturbing: they bribed customer service operators, thereby obtaining identification and banking data, and then demanded a ransom of USD 20 million to delete them. The company detected anomalous movements as early as January and started internal investigations. The stolen data included names, dates of birth, addresses, nationalities, ID numbers, bank details, account history and balances. Sufficient information to facilitate identity fraud or attempts to access other victims' financial accounts. Coinbase also stated in a regulatory filing that it received the email with the ransom demand on 11 May, having already detected suspicious activity by external operators in the previous months. At the same time, some premium customers received notifications warning of possible unauthorised access. But Coinbase refused to pay the ransom and instead offered a $20 million bounty for information leading to the arrest of those responsible.

Some of the operators under investigation were based in India, as confirmed by Coinbase's chief security officer, Philip Martin, explaining that they were external staff involved in outsourcing operations. Their access was of course revoked as soon as the breach came to light.

The victims of the hack

The victims include at least one high-profile individual (not identified for privacy reasons), while David Jeong, a crypto founder from New York, reported receiving suspicious attempts to access his personal account, despite not having actively used it for two years.

The UK Data Protection Authority (ICO) has confirmed that it has received a report from the local branch of Coinbase and is assessing the information. It could trigger sanctions of up to 4% of annual global turnover in the event of serious breaches of data protection law.

'We constantly monitor our systems to ensure that customer information is only accessed when necessary and in accordance with our strict security standards,' the company specified, adding further that less than one per cent of monthly active users were affected and that anyone who suffered losses would be fully reimbursed.

System vulnerability

The case highlights a growing vulnerability related to social engineering attacks, which are becoming increasingly common in the crypto sector. According to Chainalysis, losses due to hacker attacks exceeded USD 2.2 billion in 2024. The Coinbase episode, with an estimated cost of 400 million, ranks as the eighth largest hack in the history of the industry, according to data from Elliptic.

"Our still young industry is growing rapidly and attracting the attention of increasingly sophisticated malicious actors, who are exploiting new tools and techniques, including artificial intelligence, to bypass security systems," commented Nick Jones, CEO of crypto platform Zumo.

Sec investigation into the numbers

Meanwhile, the New York Times reported that the SEC is investigating whether Coinbase has misreported user numbers in the past, in an investigation launched already under the Biden administration.

Coinbase's chief legal officer, Paul Grewal, commented: 'This is a residual investigation into a piece of data that we stopped publishing two and a half years ago, and which had been fully disclosed. While we believe the investigation should conclude, we will continue to work with the SEC to resolve this matter."