Coinbase estimates USD $ 400 million as a result of the data gap
By Hannah Pérez
The exchange said on Thursday that cyber criminals stole user data and tried to blackmail the company for USD $ 20 million. Now he hopes having to reimburse those affected up to USD $ 400 million.
***
- A presentation to the SEC reveals new details about the coinbase security gap.
- Coinbase estimate to pay between USD $ 180 million and USD $ 400 million to affected users.
- The attackers demanded the payment of USD $ 20 million in Bitcoin in exchange for not publishing vulnerability.
- Customer service workers were bribed by the actors to deliver data.
After revealing that cybercriminals managed to steal data from their users, Coinbase Now it has estimated expenses for up to USD $ 400 million related to the security gap suffered by the Exchange.
In a blog post on Thursday, the largest cryptocurrency exchange in the United States, reported that it had been the subject of blackmail by malicious actors, which demanded a payment of USD $ 20 million in exchange for not revealing vulnerability.
It turns out that the attackers managed to obtain data from users of Coinbase As names, addresses, telephone numbers, images of identity documents, among others, after having bribed to members of the customer service personnel.
Cybercounts potentially used this information to deceive customers in social engineering campaigns, where Coinbase To obtain accounts and steal user cryptocurrencies. In the statement, the company said the event had affected less than 1% of its active users monthly.
Coinbase He said in the brief that the dishonest employees behind the rape were dismissed immediately after the discovery, although without revealing when the escape occurred or how many employees were involved.
As part of the measures to address the incident, the exchange assured that it would implement new controls and that it was working with industry companies to trace stolen funds. He also promised to reimburse affected users.
New details about the security gap
But beyond the statement shared with the public, Coinbase He also presented a document before the US stock and values commission. UU. (SEC), as discovered several media, where additional details of the incident are provided.
In the presentation, the company detailed received “Email communication from an unknown threat agent who claimed to have obtained information about certain Coinbase clients accounts, as well as internal coinbase documentation, including material related to customer service systems and accounts management“
“Communication demanded money in exchange for not publicly disseminating information“, Adds the statement before the SEC, revealing that the message of cybercriminals came on May 11, 2025.
The CEO of CoinbaseBrian Armstrong, paid for these details in a message on social networks, in which he said that The attackers demanded payment in Bitcoin, for a value of USD $ 20 million -a figure that coincides with what is expressed in the blog statement.
https://t.co/evpibmfvrw pic.twitter.com/f6updkl5R0
– Brian Armstrong (@Brian_armstrong) May 15, 2025
Armstrong also confirmed that the firm denied the request for criminals and launched a USD $ 20 million rewards program to track the culprits in their place.
Coinbase estimates USD $ 400 million expenses
In your presentation, Coinbase also shared with the stock regulator that He hopes to pay between USD $ 180 million and USD $ 400 million to customers for data violation on its platform.
“Based on the information available to the company on the date of this document and in facts that continue to evolve, the company has preliminary that expenses will range between approximately 180 and 400 million dollars for repair costs and voluntary reimbursements of customers in relation to this incident“It is read in that document.
The company, which quotes its actions in Nasdaq, added that “has not experienced important operational repercussions“And that is still”evaluating the total financial impact of the incident“, So these numbers could vary.
“The company plans to adopt all necessary measures. Since the company’s research is in progress, the total impact of these events is not yet known“, wrote Coinbase to the sec.
Confirmation of cyber criminal activity occurs months after the ZachxbT chain detective reported that users of Coinbase They had lost about USD $ 300 million due to social engineering scams.
Hannah Estefanía Pérez / Diariobitcoin
Image generated with AI tool, under free use license
WARNING: Diariobitcoin offers informative and educational content on various topics, including cryptocurrencies, AI, technology and regulations. We do not provide financial advice. Cryptactive investments are high risk and may not be adequate for all. Investigate, consult an expert and verify the applicable legislation before investing. I could lose all its capital.
Subscribe to our newsletter
