Coinbase has disclosed a major cybersecurity incident involving a coordinated bribery scheme targeting its overseas support staff, resulting in the theft of sensitive customer data and an attempted $20 million extortion. The cryptocurrency exchange revealed that cybercriminals paid off rogue contractors to gain internal access and harvest account-related information, including customer names, contact details, government IDs, masked banking data, and partial Social Security numbers.

According to a regulatory filing, the company received an extortion email on May 11 from an individual claiming to possess both customer and internal Coinbase data, threatening to leak it unless a ransom was paid. Coinbase has refused the demand and is actively cooperating with law enforcement in pursuit of those responsible. The firm emphasized that no passwords, private keys, or customer funds were compromised, and it assured that Coinbase Prime accounts were not affected.

The attackers exploited insider access to customer service platforms in what Coinbase described as a sophisticated social engineering campaign. Affected customers have been notified, and the company has taken swift action by terminating the involved employees, boosting fraud detection systems, and launching an internal investigation. Coinbase also announced it had independently discovered indicators of the breach months earlier.

Rather than yielding to the ransom, the company has committed to funding a $20 million reward for information leading to the identification and prosecution of the criminals. In addition, Coinbase pledged to reimburse customers who were deceived into transferring funds to the attackers.