Coinbase was hit by an extortion attempt after cybercriminals successfully bribed and worked in cahoots with several customer support contractors to access internal systems and steal limited user account data.
After stealing the data, the attackers attempted to extort $20 million worth of Bitcoin from Coinbase in exchange for not disclosing the breach.
Instead of giving in to the criminals' demands, the company has offered the same amount of money to white-hat hackers who can help Coinbase catch those responsible for the scheme.
Coinbase reimburses affected customers
In an X post, Coinbase revealed that some "insiders" provided external actors with access to customer data, but the number of Coinbase users affected was less than 1%.
The company has declined to say how much customer information was accessed, but it gave assurances that no passwords, private keys, or funds were exposed, and that Coinbase Prime accounts remain unaffected.
Coinbase has since terminated the involved insiders and is cooperating with U.S. and international law enforcement. In an interview with Fortune, it was also revealed that all these insiders worked in India.
The company also pledged to reimburse users who were tricked into sending cryptocurrency to phishing scammers, with expected remediation and reimbursement expenses estimated between $180 million and $400 million.
The estimate was stated in an 8-K filing with the U.S. Securities and Exchange Commission on May 15. Coinbase has classified these expenses under the category of voluntary customer reimbursement and other remediation efforts.
Coinbase strengthens internal security protocols
Armstrong revealed that the attackers had been pursuing the exchange's overseas customer support agents for months, looking for ways to bribe them in exchange for customer information.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
To further protect users, Coinbase is relocating some customer support operations to the U.S. and enhancing internal security protocols.
The company has also introduced mandatory scam-awareness prompts for flagged accounts and recommends enabling withdrawal allow-listing and two-factor authentication.
Cryptocurrency exchanges are top targets for hackers and other cybercriminals, as bitcoin and other cryptocurrencies work outside of traditional banking systems and are often difficult to retrieve if stolen.
Blockchain security analysts estimate that Coinbase users lost $45 million to phishing schemes in the week leading up to May 7, with annual losses exceeding $300 million.
The incident has also contributed to a 6% decline in Coinbase’s stock price following the disclosure.