Coinbase Data Breach Exposes Customer Data, Hacker Demands Ransom

Coinbase Confirms Data Breach, Customer Data Stolen

Cryptocurrency exchange Coinbase has confirmed a data breach affecting a small percentage of its customers. The company disclosed the incident in a filing with U.S. regulators and a blog post.

Hacker Demands Ransom, Coinbase Refuses

According to Coinbase, a hacker contacted the company demanding $20 million to prevent the release of stolen data. The company refused to pay the ransom.

Stolen Data Includes Personal Information

The stolen data includes customer names, email and postal addresses, phone numbers, partial Social Security numbers, masked bank account information, and government-issued IDs. Account balances and transaction histories were also compromised.

Internal Systems Compromised

Coinbase believes the hacker gained access by manipulating support staff outside the United States. The company states these individuals are no longer employed. Coinbase detected the malicious activity in previous months and is notifying affected customers.

Coinbase Estimates Significant Costs

The company anticipates costs between $180 million and $400 million related to incident remediation and customer reimbursements. Coinbase assures users that less than 1% of its customer base is impacted.

For more information, see the SEC filing and the Coinbase blog post.