Key Takeaways
- Coinbase expects up to $400 million in costs after an insider phishing attack.
- Attackers tried to extort $20 million in Bitcoin, which Coinbase refused to pay.
- The company will reimburse affected users and enhance data security measures.
Coinbase revealed it expects to pay up to $400 million in customer reimbursements and remediation costs following a phishing attack orchestrated by insiders.
The scheme involved bribing overseas customer support contractors to leak user data.
Details of the breach
In a May 15 blog post, the company disclosed that the attackers gained limited access to customer data but did not obtain passwords, private keys, or access to funds.
Less than 1% of monthly transacting users were affected, Coinbase said.
Extortion attempt & response
The attackers attempted to extort $20 million in Bitcoin by threatening to expose the breach.
Coinbase refused the demand and instead offered a $20 million reward for information leading to the attackers’ arrest and conviction.
The company wrote:
These insiders abused their access to customer support systems to steal the account data for a small subset of customers.
Security enhancements
CEO Brian Armstrong confirmed in a post on X that bribery attempts had been targeting support agents for months.
— Brian Armstrong (@brian_armstrong), post on X, May 15, 2025
Coinbase now plans to relocate parts of its customer service operations and bolster internal security protocols.
SEC filing & cost estimates
In an 8-K filing with the SEC, Coinbase stated expected costs for “voluntary customer reimbursements” could total between $180 million and $400 million.
Ongoing phishing threats
Phishing remains a major threat to the platform.
Analyst ZachXBT estimated $45 million in user losses to phishing schemes in early May alone and over $300 million in 2024 to date.