Overview:
Coinbase is one of the world's largest cryptocurrency exchanges with over 100 million users globally, handling billions of dollars in daily trading volume and serving as a primary gateway for cryptocurrency adoption.
What Happened:
Cybercriminals bribed overseas customer support agents working for third-party contractors to gain internal access to sensitive customer data. The attackers demanded a $20 million ransom, but Coinbase refused and instead offered a $20 million reward for information leading to arrests.
Business Impact:
- Financial Loss: $180-400 million estimated response cost
- Downtime: 21 days for enhanced security implementation
- Reputational/Legal Effects: 69,461 users affected (under 1% of customer base), 7% stock price drop, class-action lawsuits, SEC investigation
Response & Recovery:
- Detection Time: Incident ongoing since late 2024; discovered in May 2025
- Recovery Actions: Terminated insider contractors, centralized support to US operations, enhanced access controls
- Duration of Impact: 3 weeks immediate response, 6+ months legal and compliance resolution
Key Takeaways:
- Outsourced customer support represents a significant insider-threat risk
- Cryptocurrency platforms are attractive targets due to digital asset liquidity
- Public reward offers can be more effective than ransom payments for catching attackers