Coinbase estimates $180M to $400M in costs tied to customer data breach: filing

Quick Take
- Coinbase estimated the incident could cost between $180 million and $400 million in remediation costs and voluntary customer reimbursements.
- The exchange confirmed that cyber criminals bribed some of its offshore customer service representatives to obtain user data.
- The news followed a $20 million bounty program meant to identify the perpetrators.

Crypto exchange Coinbase said cyber criminals bribed some of its offshore customer service representatives to obtain user data and account management records, according to a May 15 filing with the U.S. Securities and Exchange Commission.
The threat actors received KYC details, including addresses, phone numbers, emails, government IDs, and other user account information, which they potentially used to trick Coinbase clients in rampant social engineering campaigns.
Coinbase said the rogue employees behind the breach were immediately fired upon discovery. However, the company did not disclose when the leak occurred or how many staffers were involved.
Previous reports said the incident affected 1% of monthly transacting users. Furthermore, Coinbase estimated in the filing that the incident could cost between $180 million and $400 million in remediation costs and voluntary customer reimbursements.
"Based on the information available to the Company on the date hereof and based on facts that continue to evolve, the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this Incident, prior to further review of potential losses, indemnification claims, and potential recoveries, which could meaningfully increase or decrease this estimate," per Thursday’s SEC filing.
Also, individuals claiming to possess the compromised customer info asked for a $20 million payoff. Coinbase CEO Brian Armstrong said the firm denied the request and launched a $20 million bounty program to track the culprits instead.
The breach confirmation drew mixed reactions. While some on social media praised Coinbase for its transparency, others criticized the firm for its slow admission.
"Coinbase not disclosing this (much, much, much...) earlier notwithstanding, this is the dark side of the idiotic and nonsensical KYC/AML regime we live in," wrote Wintermute CEO Evgeny Gaevoy on X.
© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.