Coinbase data theft and scam by bribing employees

On May 15, a report filed by Coinbase, a cryptocurrency trading platform, reported that nearly 70,000 of its users were affected by a data breach that had been ongoing since December 2024. Among the compromised information, passport photos, official identity documents, names, dates of birth, last four digits of Social Security numbers, bank account numbers and account information, including balances and transaction history, were leaked.

The criminals bribed Coinbase customer service and support agents overseas, allegedly in India. A small group of these insiders were persuaded to gain access to the company's database. Their goal was to compile a list of customers they could contact, impersonating the company's identity to convince the victims to transfer their funds. They then attempted to extort $20 million from Coinbase. However, the entity decided to go public with the situation it was suffering.

In response, Coinbase has implemented new security measures, including tracking stolen funds, monitoring suspicious asset withdrawals and offering a $20 million reward for information on those responsible. The company estimates that mitigation costs will range from $180 million to $400 million.