Coinbase Security Breach: Impact on Leading Cryptocurrency Exchange & Mainstream Adoption


Coinbase Hack Rocks the Company That Led Crypto Into Mainstream

(Bloomberg) — In the extensive history of cryptocurrency breaches, the recent hack affecting Coinbase Global Inc. has drawn attention not just for the financial implications but also for the stature of the company involved. While many crypto firms have suffered greatly from cyberattacks, Coinbase’s estimated loss of $400 million is particularly noteworthy as it represents an incident involving a key player in the industry. As the first publicly traded cryptocurrency exchange, Coinbase has significantly influenced the integration of digital assets into mainstream financial systems. It currently manages a substantial portion of the $122 billion in tokens held by spot Bitcoin exchange-traded funds (ETFs) and has been instrumental in lobbying for pro-crypto legislation in Washington. The timing of the hack is also critical: it came just days after Coinbase achieved a significant milestone by being added to the S&P 500 Index, which made its shares accessible to trillions of dollars invested in retirement funds and other indexed products.

The aftermath of the hack, coupled with ongoing scrutiny from the Securities and Exchange Commission (SEC) regarding its user reporting practices, led to a more than 7% drop in Coinbase’s stock on Thursday. Although the company maintains that its Coinbase Prime service, which manages crypto for ETF issuers and institutional clients, remains secure, reports indicate that hackers had access to sensitive customer data since January. This breach reportedly involved bribing customer service representatives to extract valuable information, including personal identification details and banking data, which could facilitate identity theft and unauthorized account access.

Concerns surrounding this breach extend beyond mere financial ramifications, particularly considering the recent violent incidents involving crypto figures, such as the kidnapping of a startup co-founder. Mike Dudas, managing partner of web3 firm 6MV, who was targeted by the hackers, expressed alarm over the extensive amount of personal data compromised. He noted that the breach forces individuals to reconsider their personal safety in light of escalating criminal activities related to cryptocurrency.

Reports indicate that the hackers managed to bribe multiple customer service representatives, effectively gaining near-continuous access to Coinbase’s customer information over a five-month span. However, Coinbase’s Chief Security Officer, Philip Martin, refuted claims of persistent access, explaining that the company swiftly revoked the agents’ access upon discovering the malpractice. He emphasized that the attackers primarily exploited employees and contractors based in India involved in customer support operations.

Although Coinbase detected suspicious activity and terminated the implicated agents, it was reported that the hackers maintained access to sensitive data as recently as Wednesday. Martin responded to these claims, stating, “we have no reason to believe that is true at all,” but acknowledged the challenge of proving a negative assertion. The breach has already impacted at least one high-profile individual, with notable instances of unauthorized communication attempting to verify personal account logins.

Coinbase officially confirmed receiving a ransom demand from the hackers on May 11, following a series of suspicious activities involving customer support agents outside the U.S. The company has started notifying affected customers, advising them to monitor their accounts closely and implement robust security measures. They clarified that the compromised information did not include passwords or sensitive access details, thereby ensuring the accounts remained secure.

Coinbase reported that less than 1% of its monthly active users were affected by the breach, and it committed to fully reimbursing any customers who suffered financial losses. Rather than acquiescing to the ransom demand, the company is offering a $20 million reward for information leading to the arrest of the attackers. The cryptocurrency space has long been vulnerable to hacks due to its inherent reliance on user anonymity and intricate digital protocols, with a staggering $2.2 billion lost to such breaches in 2024 alone, as per Chainalysis data.

For crypto exchanges, the threat of hacking is an ongoing challenge, necessitating substantial investments in security measures. The social engineering tactics employed in this incident—whereby criminals manipulate individuals to gain unauthorized access—are increasingly common in the crypto sector, evidenced by similar high-profile breaches like the $1.5 billion hack of Bybit earlier this year. This incident ranks as the eighth-largest crypto hack to date, as per Elliptic data, with Coinbase’s estimated costs reaching $400 million to cover user reimbursements and other expenses.

Nick Jones, founder and CEO of Zumo, highlighted the growing sophistication of cybercriminals targeting the burgeoning crypto industry, noting that these bad actors are leveraging advanced AI tools to bypass existing security protocols. This breach represents a significant setback for Coinbase, which has recently experienced a pivotal period in its growth.

Additionally, reports have emerged indicating that the SEC is investigating whether Coinbase misrepresented its user metrics in previous disclosures, a probe that began during the previous administration. Coinbase’s chief legal officer, Paul Grewal, commented that this investigation pertains to a metric the company stopped reporting over two years ago and expressed hope for a resolution with the SEC.