Crypto Giant Coinbase confirmed that its system was compromised and customer data, including government-issued identity documents, was stolen.
In a legally necessary submission to US regulators, Coinbase said this week that the hackers had obtained information about their customer accounts from the company and demanded money from the company in exchange for not releasing stolen data.
Coinbase said that hackers “get this information by gathering information from an internal Coinbase system that has access to multiple contractors or employees supporting roles outside the US to fulfill their work responsibilities.” Support staff are no longer employed, the company said.
The filing said that Coinbase’s system has detected malicious activity in the past few months and warns customers that “information may be accessed to prevent misuse of compromised information.”
Coinbase said it would not pay the hacker’s ransom. According to a social post by CEO Brian Armstrong, the hackers have asked the company for $20 million.
The company said the hackers stole the last four digits of the customer’s name, mail and email address, phone number and the user’s Social Security number. Hackers also took masked bank account numbers and some bank identifiers, as well as client government-issued identity documents, such as driver licenses and passports. The stolen data also includes account balance data and transaction history.
The company said some company data, including internal documents, were also stolen during the violation.
In a blog post, Coinbase said it will open a new US-based support hub and enhance security defenses.
When contacted in the comments, Coinbase spokesman Natasha Labranche told TechCrunch that the number of customers affected is less than 1% of its 9.7 million customers per month, according to the company’s latest annual report, which will end in March 2025.
Coinbase said it expects costs to be incurred in approximately $180 million to $400 million in connection with incident correction and customer refunds.
Do you work at Coinbase and know more about the violation? Please contact this reporter via signal at username: zackwhittaker.1337 or email: [email protected]
Updated with details from Coinbase.