May 15, 2025 at 18:03 GMT

Coinbase security crisis: Insider breach sparks $20M ransom demand

The breach occurred on 11 May, when hackers bribed overseas support agents to obtain access to the company’s internal customer service tools. 


Coinbase is dealing with a major security incident after a group of cybercriminals targeted the cryptocurrency exchange in a data breach that has sparked global attention.

In what is being called one of the most serious insider threat cases in the crypto industry, hackers bribed Coinbase support agents to access sensitive customer data. The attackers demanded a $20 million ransom in Bitcoin, threatening to leak stolen information if their demands were not met. 

Coinbase CEO, Brian Armstrong, confirmed the breach and the ransom demand, vowing the company will not negotiate with criminals. Instead, the platform is offering a matching $20 million bounty for information leading to the attackers’ arrest.

The crypto exchange revealed that the breach occurred on 11 May, when hackers bribed overseas support agents to obtain access to the company’s internal customer service tools. 

This allowed the attackers to gather sensitive customer data, including names, phone numbers, email addresses, and partially masked social security and bank account numbers. Some users’ ID document images and account balance snapshots were also accessed.

Although Coinbase confirmed that no customer funds, passwords, private keys, or wallets were compromised, the breach still exposed users to social engineering scams. 

By using the stolen information, the attackers could impersonate Coinbase representatives and trick customers into revealing further sensitive information or transferring cryptocurrency to fraudulent accounts.

Coinbase stressed that less than 1% of its active monthly users were affected by the breach. Impacted users have been directly notified, and their accounts are now under stricter monitoring, especially when it comes to large withdrawals. 

The company also promised to reimburse customers who were tricked into sending funds to scammers as a result of this incident.

In its official blog post, Coinbase apologised to affected customers, saying: “Crypto adoption depends on trust. We’re sorry for the worry and inconvenience this incident caused. We’ll keep owning issues when they arise and investing in world‑class defences — because that’s how we protect our customers and keep the crypto economy safe for everyone”.

Bounty, security upgrades, and law enforcement cooperation

Following the breach, Coinbase made it clear that it would not negotiate with the cybercriminals, instead flipping the $20 million ransom demand into a bounty for information that could lead to the identification and capture of the attackers. 

The company is encouraging anyone with credible information to contact its security team at security@coinbase.com.

Coinbase has also confirmed that blockchain analytics tools are being used to trace the stolen funds and associated wallet addresses. All accounts and wallets linked to the attackers have been flagged.

Internally, the exchange took swift action. The employees involved were fired immediately and referred to law enforcement agencies in the United States and abroad. Coinbase warned that it will press criminal charges against those responsible.

Armstrong explained that Coinbase is strengthening its security infrastructure to prevent future incidents. 

The company is relocating some of its support operations back to the United States and opening a new customer support hub. It is also rolling out enhanced insider threat detection systems and running regular security simulations.

Armstrong reminded customers to remain vigilant against scams, reiterating that Coinbase will never ask for passwords, private keys, or request funds to be sent anywhere. He added, “If you receive such a call, hang up. We’ll never ask you to contact an unknown number to reach us”.

Canada to lead in crypto regulation

Meanwhile, at the Consensus 2025 conference in Toronto, the CEO of Coinbase Canada, Lucas Matheson, used the occasion to call for stronger crypto leadership from Canada’s new government. 

Speaking on a panel titled “What the new Canadian Government Needs to do to Lead In Crypto”, Matheson warned that Canada risks falling behind other countries unless it acts quickly to embrace digital assets and blockchain technology.

He proposed that the new administration, led by Mark Carney, establish a government-led crypto task force within the first 100 days. This task force would be responsible for creating a national crypto strategy, defining digital assets, regulating stablecoins, and allowing banks to securely hold cryptocurrencies.

He also suggested that Canada should create a strategic Bitcoin reserve and integrate crypto mining with existing data centres.

Matheson pointed out that stablecoins could play a key role in making digital assets less speculative. He argued for the creation of a Canadian-dollar-denominated stablecoin to make financial transactions more efficient and reduce remittance costs for Canadians.

“One in five Canadians remit money abroad. We pay between 6% and 12% to remit money all around the world. And today, with crypto, you can click different buttons on your phone and send your friends and family 6% to 12% more money”, he said.

Matheson also noted that 15% of Canadians are underbanked, which presents an opportunity to drive innovation and financial inclusion through crypto adoption.

To promote policy change, he highlighted the “Stand With Crypto” initiative, which aims to educate lawmakers on the benefits of blockchain and address misconceptions. 

He expressed optimism that the new government is motivated to embrace technologies that can boost Canada’s economic advantage but warned that delays could see Canada fall behind in the global race.

“Our legal system is a square peg, round hole, problem. We have too many layers of securities regulators, and that makes it hard for Canadians to access compliant crypto services at home. This forces them to use VPNs or offshore platforms, exposing them to more risks”, Matheson cautioned.

He urged the government to act quickly, adding that as a regulated financial institution, Coinbase wants to ensure Canadians can use crypto products and services safely and legally.
