Coinbase Customer Service Personnel Accepts Bribes and Leaks User Data, Estimated Losses Could Reach Up to $400 Million

Table of Contents

• Overseas Customer Service Employees Bribed, User Data Leaked
• Coinbase Refuses to Pay Ransom
• Scope of Leak and Financial Impact
• Cybersecurity Risks and KYC System Questioned Again

Overseas Customer Service Employees Bribed, User Data Leaked

Coinbase has indicated that several overseas customer service employees accepted bribes to provide a small number of user account details and management records to cybercriminals. The leaked information includes KYC verification data (such as names, addresses, phone numbers, emails, and copies of government documents) and account operation records, which are suspected to have been used in a recent wave of large-scale social engineering scams.

In recent months, Coinbase customers have reported encountering social engineering scams impersonating customer service, with losses amounting to millions of dollars. An investigation by on-chain investigator ZachXBT suggests that some attackers may be linked to the hackers who obtained user identity data, potentially using KYC information to further deceive victims.

Coinbase Refuses to Pay Ransom

Coinbase stated that after the hackers obtained the data, they demanded a ransom of $20 million in Bitcoin, threatening to publicly disclose all sensitive user information if the payment was not made. However, Coinbase CEO Brian Armstrong explicitly rejected this demand and countered by announcing a reward of $20 million for any information that could help identify and convict the hackers.

Scope of Leak and Financial Impact

According to Coinbase, the estimated impact of this incident is “less than 1% of monthly transacting users.” The company stated that after dismissing the ransom demands, it immediately fired the involved customer service personnel but did not disclose the specific timing of the leak or the number of employees involved. According to SEC filings, Coinbase initially estimates that this incident will result in expenses of approximately $180 million to $400 million, primarily for user compensation and cybersecurity remediation.

“Based on the information currently available and the evolving facts, the company initially estimates that the costs for remediation and user compensation will range between $180 million and $400 million, and this may change in the future due to potential losses, claims, and recoveries.”

Cybersecurity Risks and KYC System Questioned Again

Although Coinbase emphasized that users’ passwords, private keys, and funds were not exposed, and that Coinbase Prime high-end accounts were also unaffected, this incident has still sparked significant concern within the community. Wintermute CEO Evgeny Gaevoy criticized Coinbase on X (formerly Twitter) for only revealing the incident recently, pointing out issues within the overall compliance system: “The fact that Coinbase delayed disclosing this incident is itself a problem. This is the dark side we must face under this foolish and absurd KYC/AML regulatory regime.”