Coinbase Could Pay Customers Up to $400M for Data Breach

Coinbase expects to pay $180 million to $400 million relating to remediation costs and voluntary customer reimbursements related to this incident, which saw attackers gain access to users personal information.

Coinbase received an email communication from the unknown threat actor on May 11, according to the firm. Attackers were able to access customers personal details, such as name, address, phone number, masked social security number, masked bank account numbers and other crucial details.

They accessed those details by essentially bribing Coinbase's overseas employees/contractors and subsequently demanding customer details to be sent. The exchange fired staff involved in the breach on the spot and referred to U.S. and international law enforcement. It will also press criminal charges.

"Based on facts that continue to evolve, the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this Incident," the exchange said in an SEC filing.

Shares of Coinbase fell over 4% to under $253 during early U.S. trading hours.

The crypto exchange said in a blog post that it will "reimburse customers who were tricked into sending funds to the attacker." It has also offered a $20 million bug bounty for anyone that provides information leading to an arrest.

The confirmation of cyber criminal activity comes three months after on-chain sleuth ZachXBT claimed that Coinbase users had lost $300 million to social engineering scams.

Coinbase also said that the criminals secured government ID images, account balances and corporate data. Two-factor authentication codes and private keys were not breached, it added.

When asked for comment on the breach, Coinbase directed CoinDesk to the blog post and a statement from Coinbase CEO Brian Armstrong.

Armstrong said that he "received a ransom note" for $20 million in bitcoin (BTC) in exchange for these attackers not releasing some information they claim to have obtained on Coinbase customers.

UPDATE (May 15, 12:48 UTC): Updates headline, adds details on the breach.

UPDATE (May 15, 14:19 UTC): Adds details on the breach and share price details.

CORRECTION (May 15, 16:49 UTC): Changes "breach" in the second paragraph for "email received by threat actor." Adds "remediation and voluntary reimbursements in the opening paragraph.