Cryptocurrency exchange Coinbase has announced it may face a financial loss of $180 million to $400 million after a highly advanced cyberattack affected less than 1% of its users.
The breach was carried out by bribing overseas contractors and support staff to leak confidential customer information such as names, addresses, and email IDs. Although login details and passwords were not compromised, the attackers exploited the stolen data to pose as Coinbase and deceive users into handing over crypto assets.
Read more: Trump’s Crypto Dinner Push Sends $TRUMP Coin Soaring Amid Ethical Concerns
Coinbase, which is on the verge of being included in the S&P 500 index, rejected a $20 million ransom demand from the attackers. Instead, it offered a $20 million reward for any information that could help identify and apprehend those behind the hack. The company also committed to fully reimbursing customers who lost funds due to the scam.
This incident has drawn the attention of the U.S. Securities and Exchange Commission (SEC), which is investigating whether Coinbase provided misleading disclosures about user data in the past. However, Coinbase denied that there is any investigation into its KYC (Know Your Customer) practices.
Following the news, Coinbase shares dropped by more than 7%, dealing a reputational setback as the company prepares for a major stock market milestone. The incident highlights increasing cybersecurity risks in the cryptocurrency industry, with 2024 alone seeing roughly $2.2 billion in digital thefts, according to Chainalysis.
Coinbase has fired the employees involved, is cooperating with law enforcement, and plans to bolster security measures, including setting up a new support center within the U.S.
In a public statement, the company apologized for the incident, saying it remains committed to taking responsibility and enhancing platform security.
