News

Will Coinbase’s $20M bounty help apprehend the attackers?

Published

7 hours ago

May 15, 2025

Coinbase reveals insider attack, declines ransom, and offers a $20M bounty for information on attackers who stole user data through social engineering.

A group of attackers who stole from Coinbase users are asking for ransom for user data stolen. Coinbase is bent on paying nothing.

Coinbase has disclosed that some users fell victim to online criminals through social engineering. These criminals obtained user data by bribing customer support staff overseas to access the Coinbase platform.

With this access, the attackers impersonated Coinbase to deceive customers and steal cryptocurrency using social engineering tactics.

According to Coinbase, although the attackers accessed some personal details—such as names, addresses, phone numbers, emails, partial Social Security numbers, bank information, ID images, account history, and internal materials—they missed other critical information.

Coinbase assured users that passwords, private keys, and customer funds remained secure. Moreover, Coinbase Prime accounts were not compromised.

Following the breach, the criminals demanded a $20 million ransom for the stolen data and assets. In response, Coinbase announced it would not pay the ransom. Instead, they offered an equal reward to anyone who could provide information leading to the criminals.

We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.
— Coinbase 🛡️ (@coinbase) May 15, 2025

“Working with industry partners, we’ve tagged the attackers’ addresses so the authorities can track and work to recover assets,” it said, while all insiders that facilitated the act were “fired on the spot and referred to U.S. and international law enforcement.”

For affected users, Coinbase announced it will reimburse losses after a review confirms them. The company has also implemented additional ID checks for high-risk transactions and launched a new support center in the U.S.

In 2025, the crypto stolen in Web3 due to hacks, scams, and exploits has been significant. According to CertiK’s Hack3d, about $1.67 billion was stolen in Q1 2025. This amount stems from 197 security incidents, marking a 303.38% increase from the previous quarter.

A large portion of this was due to the Bybit hack in February, linked to the Lazarus Group. Additionally, ChainCatcher reported that in January 2025, the industry lost $98.19 million from 40 hacking incidents and phishing attacks.