Following the Coinbase $400 million breach, it has been disclosed that hackers had unauthorized access to sensitive customer information as early as January. Sources indicate that the hackers maintained access by bribing customer service representatives and later demanded a $20 million ransom.

**Hackers Targeted Overseas Support Staff**

A Bloomberg report says that the hackers targeted Coinbase employees and contractors based outside the U.S., specifically those involved in the company’s outsourcing operations. By bribing a select group of these insiders, the attackers obtained sensitive user information such as names, birth dates, addresses, government-issued ID numbers, banking details, account balances, and creation dates. The stolen data posed a risk of impersonation attacks against Coinbase or its customers, potentially leading to unauthorized access to other financial accounts.

Mike Dudas, a managing partner at web3 firm 6MV and one of the victims, commented on the severity of the breach, highlighting the staggering amount of personal information that was shared.

Coinbase’s Chief Security Officer Philip Martin contested claims that the hackers had access since January, stating that access was revoked once the breach was discovered, which prevented constant access. He did, however, acknowledge several incidents of bribery, which led to the immediate quarantine and termination of the support agents involved.

**Insight into the Breach**

Coinbase publicly disclosed the breach, stating that less than 1% of monthly transacting users were affected. The attackers’ goal was to compile a list of customers they could contact while impersonating Coinbase, in an attempt to deceive users into surrendering their cryptocurrency assets. When their $20 million ransom demand was refused, the culprits intensified their extortion efforts.

The company said that login credentials, private keys, and Prime accounts remained secure, and that no customer wallets were accessed. In response, Coinbase pledged to reimburse affected users, enhance its security measures, and establish a new customer support hub in the U.S. It has also offered a $20 million bounty for any information leading to the attackers’ arrest, alongside efforts to recover stolen funds and pursue criminal charges against the insiders.

This breach is part of a larger trend of cyberattacks targeting the digital currency sector. A recent report from Immunefi highlighted that cryptocurrency projects suffered losses of $92.5 million in April 2025 alone due to cyberattacks, marking a significant increase from previous months.
