Coinbase Hacked: Hackers Demand $20 Million, CEO Launches $20 Million Bounty

Coinbase Hacked, $20 Million at Stake: Full Chronology and Impact

A cyberattack has once again shaken the crypto world. This time, Coinbase, one of the largest digital asset exchanges globally, became the target of a hacking incident that rattled the international financial industry. The breach, which began in late 2024 and was revealed in May 2025, involved an astonishing ransom demand of $20 million. What’s the full chronology of this case, its impact on users, and what strategic moves did Coinbase’s management make?

Hack Chronology: Vulnerabilities in External Service Providers

The hack originated from a social engineering attack targeting Coinbase’s overseas external customer service agents. The perpetrators managed to bribe several support agents to access and copy sensitive customer data from the company’s internal systems. Due to lax oversight and suboptimal access control, over 69,000 customers fell victim to this data breach.

The stolen data included names, addresses, emails, the last four digits of Social Security numbers, bank account details, and government-issued IDs such as passports and driver’s licenses. The breach only came to light after Coinbase received an extortion email from the hackers on May 11, 2025, demanding a $20 million ransom to prevent public exposure of the data.

Coinbase Fights Back: Refuses Ransom, Launches Bounty

Refusing to bow to pressure, Coinbase’s CEO immediately announced that the company would not pay the perpetrators a single cent. Instead, Coinbase launched a bounty program offering the same amount, $20 million, to anyone who could help law enforcement capture and prosecute the hackers.

This bold move sent a strong signal to cybercriminals that Coinbase would not compromise with extortion and encouraged the global community to collaborate in tracking down those responsible.

Financial and Reputational Impact

The incident’s impact was immediately felt on the stock market. Coinbase’s shares plunged more than 7% following the breach announcement, despite previous gains from being added to the S&P 500. The company also had to allocate massive funds between $180 million and $400 million to cover losses, security system upgrades, and customer compensation.

Recovery Efforts and System Strengthening

Coinbase did not remain idle. They immediately established a new customer support center in the US to reduce reliance on overseas third parties. Enhanced access controls and internal monitoring systems were rolled out, along with increased investment in threat detection technology and security audits. Customer service agents found to be involved were fired and are now facing legal action.

The company is also working closely with international law enforcement agencies to track and prosecute the perpetrators while educating users to be more alert to potential scams impersonating Coinbase.

Implications for the Crypto Industry and Users

This incident is an important reminder to all crypto industry players and users about the vulnerability to social engineering attacks. Internal access monitoring, especially for third-party providers, must be tightened. Users are urged to always be cautious with suspicious communications and never share personal data carelessly.