Technology reporter
One of the world’s biggest cryptocurrency firms, Coinbase, says a recent cyber attack will cost it up to $400m (£301m).
The firm said it was contacted by hackers who claimed to have gained access to customer information, obtained by making payments to Coinbase contractors and employees.
In a blog post, Coinbase said the criminals had gained access to “less than 1%” of its customer data, which they then used to impersonate the firm and trick people into handing over their crypto.
The group then demanded $20m from Coinbase to keep it quiet – but it refused to pay the bribe and instead promised to pay back every person who got scammed.
The disclosure prompted the firm’s share price to fall by 4.1%.
The cyber attack comes days before the US company is set to join the benchmark S&P 500 index – a landmark moment for the crypto industry.
It also reflects how, as it grows, the industry has increasingly become a target for cyber criminals.
A report from research firm Chainanalysis suggests funds stolen from crypto businesses totalled $2.2bn in 2024.
“Security remains a challenge for the crypto industry despite its growing mainstream acceptance,” said Nick Jones, founder of crypto firm Zumo.
“As our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks.”
‘Harshest penalties’
The company says it received an email from an “unknown threat actor” on May 11.
“We will reimburse customers who were tricked into sending funds to the attacker,” it said in its statement.
“We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received.
“Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”
In a filing with the US Securities and Exchanges Commission, it estimated costs between $180m and $400m.
It said this figure came from “remediation costs and voluntary customer reimbursements”, however this figure could change as a result of “potential losses, indemnification claims, and potential recoveries”.
The staff members who shared customer information with the hackers have been fired.
Coinbase told its customers to expect further attempts from scammers in the future, and advised them to be vigilant.
“Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault or wallet,” it said.
And it warned customers they should lock their accounts if they are suspicious.
“To the customers affected, we’re sorry for the worry and inconvenience this incident caused,” it said.
“We’ll keep owning issues when they arise.”
