Crypto exchange Coinbase faced an attack that led to stolen customer data and potential damages estimated at up to $400 million.

A Targeted Approach

The attackers approached overseas contractors for months, attempting to bribe them into releasing customer information. Once successful, the criminals threatened to leak the data unless Coinbase paid a $20 million ransom in bitcoin. Despite refusing to pay and notifying law enforcement, the company decided to cover reimbursement expenses ranging from $180 million to $400 million for affected customers.

Coinbase highlighted that no passwords, private keys, funds, or Coinbase Prime accounts were compromised, and less than 1% of its monthly transacting users were impacted. The company also announced a $20 million reward for information leading to the arrest and conviction of those responsible.

A Threat to Financial Organizations

Employees have become increasingly targeted by cybercriminals aiming to gain access to company data. Financial organizations, such as Coinbase—the largest crypto exchange in the U.S., are prime targets due to their possession of significant amounts of personal and financial information.

Coinbase’s large acquisitions and introduction of new technologies reflect its strategic response to the surging interest in digital assets. Given its global scale, the likelihood that Coinbase would be targeted by criminals has increased.

Enhancing Vetting Procedures

Manipulative attacks designed to trick consumers or employees into revealing protected data have become more sophisticated, making fraud a critical issue businesses can no longer afford to overlook.

Coinbase responded by terminating involved employees, warning affected customers, and strengthening its fraud defenses. This incident is expected to prompt crypto exchanges like Coinbase and other financial services companies to reevaluate contractor relationships and conduct more thorough vetting of employees with access to sensitive data.