May 17, 2025 12:52 PM
Coinbase has confirmed that it suffered a targeted insider attack involving a bribery scheme aimed at stealing user data. The attackers, whose breach affected less than 1% of monthly active users, demanded $20 million in exchange for not disclosing the breach. Coinbase refused the ransom and instead committed the same amount to a bounty fund for tracking down those responsible.
According to the company, a small group of overseas support contractors was bribed to access internal systems and extract user records. The exposed data includes names, phone numbers, masked Social Security digits, partial bank details, and account snapshots—but no passwords, private keys, or crypto assets were accessed. Coinbase Prime accounts were unaffected.
The attack’s goal was reportedly to build a list of Coinbase users to target with phishing and social engineering scams. Coinbase has already implemented new protections, including withdrawal friction, ID verification layers, and real-time scam warnings on affected accounts. The company also pledged to compensate any user losses resulting from scams linked to the breach.
To prevent future incidents, the company is ramping up insider threat detection, launching a U.S.-based support hub, and conducting ongoing red-team security drills. The rogue contractors have been referred to U.S. and international law enforcement, and Coinbase is working with blockchain analytics teams to flag the attackers’ wallets and freeze any stolen funds.
This security incident comes just days before Coinbase is slated to join the S&P 500, making it the first crypto-native company in the index—a historic milestone amid mounting cybersecurity challenges in the industry.