Coinbase confirms data breach with hackers demanding $20 million ransom

The biggest cryptocurrency exchange in the United States just confirmed that it was hacked.

On Thursday, Coinbase confirmed that their systems were breached by unauthorized users and that internal company documents along with customers' personal data were accessed. The company was made aware of the breach via an email from the threat actor on May 11.

This Tweet is currently unavailable. It might be loading or has been removed.

Coinbase disclosed that in the email that the company received from the hackers was a demand for a $20 million ransom in exchange for not publicly leaking the stolen data. Coinbase says it will not pay the ransom and will instead establish a $20 million reward fund for anyone who provides information that leads to the arrest and conviction of the criminals behind the breach. The company also said it's cooperating with law enforcement.

The news of a data breach at Coinbase was first disclosed in legally required filing with the U.S. Securities and Exchange Commission (SEC). 

Coinbase believes the intrusion occurred after cyber criminals recruited a group of overseas contractors and support agents. Coinbase detected workers with authorization to access its systems "accessing data without business need." 

The crypto exchange says it immediately fired contractors who were involved with the breach and warned customers whose information was accessed.

Less than 1 percent of the exchange's monthly transacting users have been affected by the breach, according to Coinbase. Based on previous company filings regarding its user data, that means around 100,000 Coinbase users were affected.

According to Coinbase, no user login credentials such as passwords, personal keys, crypto wallets, or exchange funds were accessed.

However, the affected data is still quite concerning. Coinbase says the hackers obtained names, addresses, phone numbers, and email addresses of its users. In addition, customers' masked bank account numbers, photos of government IDs such as driver's licenses and passports, as well as the last four digits of social security numbers were stolen. Furthermore, the bad actors accessed certain user account data such as balance snapshots and transaction history.

As for company information, Coinbase says the hackers received limited corporate data such as training materials, support agent communications, as well as other internal documents.

In a video statement posted by Coinbase CEO Brain Armstrong, the Coinbase head describes changes being made to ensure a similar breach doesn't happen again. For example, the company is revamping its customer support systems and relocating its customer support operations as a result of the breach.

Armstrong also pledged to reimburse any customers who were socially engineered due to the breach and lost funds as a result.