Hackers Bribed Coinbase Employees to Steal Customer Data

In a cybersecurity incident report to the U.S. Securities and Exchange Commission (SEC), Coinbase says hackers bribed multiple employees to share information about customer accounts and internal Coinbase documentation.

Coinbase (NASDAQ:COIN) has disclosed a cyber attack in which hackers bribed exchange employees to gain access to customer data and internal documentation, according to a cybersecurity incident report to the U.S. Securities and Exchange Commission (SEC).

The report says that the hackers were able to use the illegally obtained info to threaten the exchange with a no-good trade. According to Coinbase, the hackers planned to disclose the customer data and internal documentation unless they were paid $20 million in Bitcoin (BTC).

Coinbase says it will pay an estimated $180 million to $400 million in remediation costs and voluntary customer reimbursements. The exchange adds that it is still investigating the affected data, which it says may include:

* Customer names, email addresses, phone numbers, physical addresses, and SSNs

* Internal documentation such as payroll information for less than 5,000 employees

* Bank routing numbers and account numbers for less than 1,000 employees

* Taxpayer ID numbers for less than 5,000 employees

* Passport information for less than 150 employees

* Employment authorization documents for less than 250 employees

Coinbase says it is cooperating with law enforcement in the investigation and that the employees involved have been fired. It also says it will not pay the hackers’ ransom.

“We are disappointed that a small number of former employees betrayed the trust placed in them by engaging in unlawful conduct and cooperating with cyber criminals. These employees were located in a limited number of offshore customer support centers and were not involved in any core engineering, technology, or operational roles. We are grateful for the swift actions of our teams and cooperate fully with law enforcement in this ongoing investigation.

We will not pay any ransom to the attackers. The attempt to extort money from Coinbase will not succeed.

Coinbase is focused on emerging stronger from this incident. We are taking several steps, including:

• Completing a full accounting of the affected data and notifying affected individuals.

• Providing Point-of-Sale gift cards to all U.S. customers and rolling over any remaining crypto to customer accounts.

• Offering credit monitoring and identity theft protection to affected individuals.

• Making voluntary contributions to relevant community organizations in each country where affected customers reside.

We are committed to doing what is right for our customers and employees, and we will continue to work diligently to resolve this matter.”

Coinbase's stock price has fallen over 4% since the news broke.

In a video posted to the social media platform X, CEO Brian Armstrong says that Coinbase will pay back those affected, increase cyberattack defenses, and relocate certain overseas customer support operations. According to Armstrong, the bribed Coinbase employees were all “overseas support agents”. He adds that the firm is contacting all U.S.-based customers to offer them Point-of-Sale gift cards and will roll over any remaining crypto to customer accounts. He also says that the company will be providing credit monitoring and identity theft protection to those affected and making voluntary contributions to community organizations in each country where affected customers reside.

"This was a coordinated effort by a group of hackers to steal data from Coinbase users and threaten to release it unless we paid them a ransom. To our knowledge, no core Coinbase employees were involved in this incident. Rather, the hackers were able to bribe a small number of offshore customer support employees to cooperate with them. These employees appear to have granted the hackers access to a limited amount of data, including names, email addresses, physical addresses, and in some cases SSNs for a small percentage of U.S. based Coinbase users. They also appear to have gained access to internal documentation such as payroll information for less than 5,000 employees, bank routing numbers and account numbers for less than 1,000 employees, and taxpayer ID numbers for less than 5,000 employees. In addition, the hackers were able to gain access to passport information for less than 150 employees and employment authorization documents for less than 250 employees. We are still investigating the full scope of the affected data. We are also aware that the hackers were able to access a limited amount of data relating to a small number of enterprise customers. We are working directly with those customers to disclose the nature of the affected data and provide them with remediation measures. We will not pay any ransom to the attackers. The attempt to extort money from Coinbase will not succeed.

We are focused on emerging stronger from this incident. We are taking several steps, including completing a full accounting of the affected data and notifying affected individuals. We will also be making a contribution to a relevant community organization in each country where affected customers reside. We are grateful for the swift actions of our teams and cooperate fully with law enforcement in this ongoing investigation.

Coinbase is a leading platform that provides secure and trusted cryptocurrency trading and custody services. The company is committed to doing what is right for its