{"id":52517,"date":"2025-05-15T22:36:58","date_gmt":"2025-05-15T22:36:58","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/coinbase-breach-attackers-demand-20m-ransom\/"},"modified":"2025-05-15T22:36:58","modified_gmt":"2025-05-15T22:36:58","slug":"coinbase-breach-attackers-demand-20m-ransom","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/coinbase-breach-attackers-demand-20m-ransom\/","title":{"rendered":"Coinbase breach: attackers demand $20M ransom"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison )<\/b><br \/>\n<\/p>\n<div data-site=\"CoinJournal\">\n<div class=\"-mt-16  mb-8  lg:-mt-20  rounded-md  shadow-md\">\n<div class=\"relative  z-10  post-article-image  rounded  overflow-hidden\" data-site=\"CoinJournal\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image-45-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image-45-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image-45-smartcrop-750x375.png\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2025\/05\/image-45-smartcrop-363x181.png\" type=\"image\/jpeg\"\/>\n<\/picture>                            <\/div>\n<\/p><\/div>\n<ul>\n<li>Attackers bribed support staff to access internal tools.<\/li>\n<li>$20M ransom demand redirected into reward fund.<\/li>\n<li>New protections live ahead of S&amp;P 500 entry.<\/li>\n<\/ul>\n<p class=\"\" data-start=\"101\" data-end=\"715\">Coinbase has disclosed a targeted cyberattack involving bribed overseas contractors, resulting in a significant data breach that impacted less than 1% of its monthly active users.<\/p>\n<p class=\"\" data-start=\"101\" data-end=\"715\">While no funds, passwords, or private keys were exposed, the attackers accessed internal systems and extracted sensitive customer information.<\/p>\n<p class=\"\" data-start=\"101\" data-end=\"715\">The incident highlights growing concerns over insider threats in centralised crypto platforms and comes at a crucial moment, with Coinbase preparing for its inclusion in the S&amp;P 500 index.<\/p>\n<p class=\"\" data-start=\"101\" data-end=\"715\">The company has launched new user protections and is expecting up to $400 million in related expenses.<\/p>\n<h2 class=\"\" data-start=\"717\" data-end=\"753\">Bribed contractors enabled access<\/h2>\n<p class=\"\" data-start=\"755\" data-end=\"1058\">The breach occurred through a coordinated social engineering effort in which a group of overseas contractors were bribed to grant attackers access to internal tools.<\/p>\n<p class=\"\" data-start=\"755\" data-end=\"1058\">Although Coinbase did not specify the country involved, it confirmed that Coinbase Prime accounts used by institutions were not affected.<\/p>\n<p class=\"\" data-start=\"1060\" data-end=\"1370\">Attackers obtained partial bank information, addresses, phone numbers, and masked Social Security digits, aiming to impersonate the platform and extract further assets through phishing.<\/p>\n<p class=\"\" data-start=\"1060\" data-end=\"1370\">Coinbase warned that the information was intended to target users in follow-up scams by posing as legitimate support agents.<\/p>\n<h2 class=\"\" data-start=\"1372\" data-end=\"1395\">$20M ransom rejected<\/h2>\n<p class=\"\" data-start=\"1397\" data-end=\"1725\">After the breach was discovered, the attackers demanded a $20 million payment to stay silent.<\/p>\n<p class=\"\" data-start=\"1397\" data-end=\"1725\">Coinbase rejected the demand and instead diverted the amount into a <a href=\"https:\/\/x.com\/coinbase\/status\/1922967577568985185\">reward fund<\/a> to help track down those responsible.<\/p>\n<p class=\"\" data-start=\"1397\" data-end=\"1725\">The company is now offering up to $20 million for information leading to the arrest and conviction of the attackers.<\/p>\n<p class=\"\" data-start=\"1727\" data-end=\"1980\">Coinbase has also engaged blockchain analytics firms to flag addresses connected to the attackers, freeze potential stolen assets, and monitor the flow of funds.<\/p>\n<p class=\"\" data-start=\"1727\" data-end=\"1980\">Law enforcement agencies in the US and abroad have been alerted to pursue criminal charges.<\/p>\n<h2 class=\"\" data-start=\"1982\" data-end=\"2009\">New protections deployed<\/h2>\n<p class=\"\" data-start=\"2011\" data-end=\"2358\">To limit future attacks and mitigate risks from the breach, Coinbase has implemented several new security protocols.<\/p>\n<p class=\"\" data-start=\"2011\" data-end=\"2358\">These include additional ID verification during withdrawals, real-time scam alerts, and enhanced scrutiny for accounts flagged as high risk.<\/p>\n<p class=\"\" data-start=\"2011\" data-end=\"2358\">A new customer support hub has been launched in the US to reduce third-party outsourcing.<\/p>\n<p class=\"\" data-start=\"2360\" data-end=\"2621\">Internally, Coinbase has strengthened its insider threat detection and now runs continuous red-team testing.<\/p>\n<p class=\"\" data-start=\"2360\" data-end=\"2621\">It has pledged to make impacted customers \u201cwhole\u201d if any further scams succeed using the stolen data, and is reviewing potential indemnification claims.<\/p>\n<h2 class=\"\" data-start=\"2623\" data-end=\"2657\">S&amp;P 500 listing under spotlight<\/h2>\n<p class=\"\" data-start=\"2659\" data-end=\"2990\">The disclosure comes just days before Coinbase\u2019s entry into the S&amp;P 500, making it the first crypto-native company to achieve the distinction.<\/p>\n<p class=\"\" data-start=\"2659\" data-end=\"2990\">With estimated costs from the breach ranging between $180 million and $400 million, analysts expect scrutiny to rise over the exchange\u2019s security infrastructure and operational resilience.<\/p>\n<p class=\"\" data-start=\"2992\" data-end=\"3223\">Coinbase said a full assessment of losses, legal claims, and potential recoveries is underway, but the incident underscores the challenges centralised exchanges face in guarding user data against both external and internal threats.<\/p>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/coinjournal.net\/news\/coinbase-breach-attackers-demand-20m-ransom\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison ) Attackers bribed support staff to access internal tools. $20M ransom demand redirected into reward fund. New protections live ahead of S&amp;P 500 entry. Coinbase has disclosed a targeted cyberattack involving bribed overseas contractors, resulting in a significant data breach that impacted [&hellip;]<\/p>\n","protected":false},"author":3947362361,"featured_media":52518,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/52517"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/3947362361"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=52517"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/52517\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/52518"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=52517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=52517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=52517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}