Crypto giant Coinbase said during a legally-required filing with U.S. regulators, that its systems have been breached, and customer data, including government-issued identity documents, were stolen. A hacker reportedly told the company that they obtained information about customer accounts, and demanded money in exchange for not publishing the stolen data.
Coinbase said the hacker “obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.” The company also revealed the support staff are no longer employed with Coinbase.
According to the filing, this activity was detected “in the previous months,” and that it has “warned customers whose information was potentially accessed in order to prevent misuse of any compromised information.”
READ: Trump threatens Social Security shutdown over access to citizen data (March 21, 2025)
Coinbase CEO Brian Armstrong revealed via X that the hackers demanded $20 million from the company. Coinbase stated it would not be paying the ransom. Instead, the company will be “cooperating closely with law enforcement to pursue the harshest penalties possible,” and “establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”
Coinbase said the hacker stole customer names, postal and email addresses, phone numbers, and the last four digits of users’ Social Security numbers, as well as asked bank account numbers and some banking identifiers. The stolen data also included customers’ government-issued identity documents such as driver’s licenses and passports, account balance data and transaction histories. Some corporate data including internal documentation were also stolen.
READ: Immigrants mistakenly declared dead by Social Security to urge them to leave US (April 11, 2025)
Coinbase spokesperson Natasha LaBranche told TechCrunch that the number of affected customers is less than 1% of its 9.7 million monthly customers, per the company’s latest annual report ending March 2025. The company said it expects to incur costs of around $180 million to $400 million relating to incident remediation and customer reimbursements.