Jerry Jackson Coinbase, the largest cryptocurrency exchange in the United States, revealed a major cyberattack that may cost the company between $180 million and $400 million. Hackers accessed limited personal data of some customers, including names, addresses, and email addresses, but did not obtain passwords or login details. The attackers reportedly bribed overseas third-party contractors to steal information from Coinbase’s internal systems. The company quickly terminated those involved and refused a $20 million ransom demand.
Hackers Exploit Overseas Contractors to Breach Coinbase
The cyberattack surfaced on May 11 when Coinbase received a threatening email from an unidentified individual claiming possession of sensitive customer data and internal documents. Investigations revealed that the hackers used bribery to gain access through external contractors based abroad, bypassing Coinbase’s security layers. In response, Coinbase fired the employees implicated in the data leak.
Instead of paying ransom, Coinbase has created a $20 million reward fund to encourage informants to come forward. The company is working closely with law enforcement to identify and prosecute the culprits.
Customer Compensation and Security Measures
Although no accounts were directly hacked, some customers fell victim to impersonation scams by the attackers. These criminals tricked users into transferring digital assets, causing financial loss. Coinbase has pledged to reimburse all customers affected by these fraudulent transfers.
“We do not support criminal behavior and have strengthened our internal security,” Coinbase said in a statement. The company emphasized its commitment to protecting users and improving system defenses against future attacks.
Growing Security Challenges in the Crypto Industry
The breach occurred just before Coinbase’s anticipated inclusion in the prestigious S&P 500 index. This milestone highlights the growing mainstream acceptance of cryptocurrencies but also spotlights rising cyber risks.
Earlier in 2025, Bybit, the world’s second-largest crypto exchange, suffered a $1.5 billion hack—considered the largest crypto theft ever. Chainalysis reports that crypto platforms lost approximately $2.2 billion to hackers in 2024 alone, marking four straight years of losses exceeding $1 billion.
Nick Jones, head of the crypto platform Zumo, noted, “Security threats evolve as the industry grows. Coinbase’s refusal to pay ransom and focus on user reimbursement sets a strong precedent.”
By refusing to comply with ransom demands and offering compensation to affected users, Coinbase is setting a firm example for security accountability in the crypto space. The company’s $20 million reward fund also demonstrates its proactive stance against cybercrime.
As the cryptocurrency market matures, experts emphasize the need for robust cybersecurity measures to protect both platforms and customers. Enhanced cooperation between firms and law enforcement is essential to combat increasingly sophisticated attacks.