One of the world’s top cryptocurrency exchanges, Coinbase, is reeling from a major cyberattack that could cost the company as much as $400 million. The breach, which compromised less than 1% of its user data, involved a scheme where hackers bribed Coinbase contractors and employees to gain unauthorized access to

• Coinbase refused to pay a $20M ransom, offering a reward fund instead.

• Less than 1% of customer data was exposed, but scams followed.

• Entry into the S&P 500 highlights both growth and new vulnerabilities.

One of the world’s top cryptocurrency exchanges, Coinbase, is reeling from a major cyberattack that could cost the company as much as $400 million. The breach, which compromised less than 1% of its user data, involved a scheme where hackers bribed Coinbase contractors and employees to gain unauthorized access to sensitive customer information.

The hackers then impersonated Coinbase, tricking affected users into handing over cryptocurrency assets. With this, the attackers asked for $20 million in hush money, which Coinbase declined to pay. Instead, the company has committed to compensating all defrauded customers and has established a $20 million bounty for tips leading to the arrest of the criminals.

Growing Threats Amid Mainstream Milestones

The timing of this assault is especially significant. It comes just days before Coinbase’s induction into the S&P 500, a significant achievement for both the company and the broader crypto industry. However, it also highlights how increased legitimacy makes crypto firms even more attractive targets for cybercriminals.

A report by blockchain research firm Chainanalysis reveals that crypto hacks accounted for $2.2 billion in losses in 2024 alone. According to Nick Jones, founder of crypto platform Zumo, “Security remains a challenge for the crypto industry despite its growing mainstream acceptance.”

As the industry continues to expand rapidly, hackers are becoming more strategic and sophisticated, often exploiting human vulnerabilities and third-party weaknesses rather than direct software flaws.

A Firm Response to a Severe Breach

Coinbase initially got wind of the breach through an email from an “unknown threat actor” on May 11. The firm replied with prompt in-house action, letting the employees and contractors involved in the leaking of customer data go. Coinbase has also notified users of possible future scams and asked them to be more vigilant.

In a statement, the company emphasized:

“Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a new account or wallet.”

Coinbase has also reassured users that no passwords, private keys, or core systems were compromised in the attack.

The financial impact is currently estimated at $180 million to $400 million, including both direct remediation efforts and voluntary customer reimbursements. The firm disclosed the figures in a filing with the U.S. Securities and Exchange Commission (SEC).

Highlighted Crypto News Today:

‌Hyperliquid (HYPE) Eyes Key $30 Breakout After 170% Rally — What Traders Should Watch