COINBASE RESISTS $20 MILLION BITCOIN RANSOM DEMAND AFTER INSIDER-LED DATA BREACH

May 15, 2025 – San Francisco, CA — Coinbase, the largest cryptocurrency exchange in the United States, has confirmed a major data breach that compromised the personal information of a small fraction of its user base. The breach, disclosed in a statement on May 15, was allegedly orchestrated by insiders working with external attackers, who later attempted to extort the company for $20 million in Bitcoin.

Coinbase CEO Brian Armstrong revealed that the company had firmly rejected the ransom demand, instead committing to a $20 million reward fund for any information leading to the arrest and conviction of those responsible.

“We will not pay the $20 million ransom demand we received,” the company stated. “Instead, we are establishing a $20 million reward fund to bring these criminals to justice.”

INSIDERS LINKED TO BREACH IN SOCIAL ENGINEERING SCAM

According to Coinbase, the attack was carried out by foreign support agents who were recruited and bribed by threat actors. These agents had access to internal systems and leaked sensitive user data, which the hackers used to impersonate Coinbase employees and carry out sophisticated social engineering scams.

The compromised data included:

Full names
Contact information
Identity documents
Masked banking and social security details

Critically, no login credentials, private keys, or core infrastructure — including Coinbase Prime wallets — were accessed or compromised.

Coinbase has since terminated the rogue insiders, pledged legal action against them, and is working closely with law enforcement agencies. The exchange also announced plans to compensate affected users.

ZACHXBT LINKS ATTACK TO LARGER FRAUD NETWORK

Prominent blockchain investigator ZachXBT responded to the incident, stating that the attack shares similarities with a series of social engineering scams he has previously reported.

“Indeed there’s a lot of Coinbase user thefts I posted tied to the group,” ZachXBT commented, implying the involvement of a known fraud ring with a history of impersonation and phishing operations.

ZachXBT has estimated that Coinbase users lose over $300 million per year to social engineering scams — often driven by sophisticated impersonators exploiting lax identity verification systems and insider access.

CRITICISM OF EXISTING REGULATORY REGIMES

The breach has also reignited criticism of current Know Your Customer (KYC) and Anti-Money Laundering (AML) frameworks. Wintermute CEO Evgeny Gaevoy criticized the global regulatory climate, arguing that burdensome compliance requirements ironically make it easier for criminals to operate.

“This is the dark side of the idiotic and nonsensical KYC/AML regime we live in,” Gaevoy said. “It sacrifices privacy, taxes businesses, and enables kidnappings, scams, and fraud.”

A WATERSHED MOMENT FOR EXCHANGE SECURITY

This insider-led breach underscores the growing threat of internal compromise at major financial and crypto institutions, especially as bad actors deploy more advanced tactics. While Coinbase has pledged transparency and user compensation, the incident marks a critical test for the exchange’s reputation and its internal controls.

As investigations continue, the crypto world will be watching to see whether Coinbase’s unprecedented $20 million reward offer results in the takedown of one of the most damaging social engineering rings in the sector to date.