Cyber attack: Coinbase warns of $400m hit after data breach
Crypto exchange Coinbase has disclosed a significant cyber attack that could cost the company between $180m (£135m) and $400m (£300m), after hackers breached account data belonging to a “small subset” of its users.
The news sent shares down three per cent in pre-market trading on Thursday.
Coinbase said it received an email from an unknown threat actor on 11 May, claiming access to sensitive customer details and internal company documents.
The company has confirmed that the attackers accessed names, addresses, and emails, but did not obtain login credentials and passwords.
The breach comes at a pivotal moment for Coinbase, as the firm is set to join the S&P 500 – a milestone for both the company and the broader crypto industry.
In a blog post, Coinbase stated that employees and contractors in support roles outside the US had been paid by the attackers to extract information from internal systems.
Those involved have since been terminated, said the firm.
While Coinbase declined to meet the hackers’ ransom demand of $20m, it has launched a reward for information to the identification of those responsible at the same price.
The exchange also pledged to reimburse affected customers who were tricked into transferring funds to the attackers.
“Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident”, the company wrote.
Nick Jones, CEO of Crypto platform company Zumo, noted the increasingly sophisticated methods cyber criminals use, and pointed to the need for strategies across the financial sector, including the EU’s recently implemented digital operational resilience act (DORA).
“As our industry matures, it’s imperative to adhere to these principles and work together to better protect the customers we serve”, he said.
The attack follows recent breaches at other major crypto firms, including Bybit, which took a hit in February, with $1,4bn in tokens stolen.
It also comes after a series of incidents hitting retailers in the UK, with M&S, Co-op and Harrods among the disrupted.
Dior also reported a breach just earlier today.
M&S confirmed this week that its systems were still recovering from the ransomware attack, which disrupted online services and compromised customer data.