Coinbase warns of up to $400 million hit from cyberattack
Korea JoongAng Daily

Home > World > World

print dictionary print

Coinbase warns of up to $400 million hit from cyberattack

Published: 16 May. 2025, 20:21
A smartphone with the Coinbase logo and representation of cryptocurrency are placed on a keyboard in this illustration from June 8, 2023. [REUTERS/YONHAP]

A smartphone with the Coinbase logo and representation of cryptocurrency are placed on a keyboard in this illustration from June 8, 2023. [REUTERS/YONHAP]

 
Coinbase forecast a hit of $180 million to $400 million from a cyberattack that breached account data of a "small subset" of its customers, the crypto exchange said in a regulatory filing on Thursday.
 
The company received an email from an unknown threat actor on May 11, claiming to have information about certain customer accounts as well as internal documents.
 

Related Article

 
While some data — including names, addresses and emails — was stolen, the hackers did not get access to login credentials or passwords, Coinbase said. It would, however, reimburse customers who were tricked into sending funds to the attackers.
 
Hackers had paid multiple contractors and employees working in support roles outside the U.S. to collect information. The company had fired those involved, it said.
 
Separately, the U.S. Securities and Exchange Commission (SEC) had begun scrutinizing whether Coinbase had misstated its user figures, two sources familiar with the matter told Reuters.
 
The agency had also been interested in whether any inaccurate user data could indicate that the company had inadequate know-your-customer compliance required of firms registered with the SEC, the sources said.
 
A Coinbase spokesperson denied the SEC was probing the company's compliance with know-your-customer and Bank Secrecy Act rules.
 
The Coinbase logo covers the Nasdaq MarketSite in New York's Times Square on April 14, 2021. [AP Photo/YONHAP]

The Coinbase logo covers the Nasdaq MarketSite in New York's Times Square on April 14, 2021. [AP Photo/YONHAP]

 
Another source familiar with the matter said that the SEC did not directly ask questions about such compliance and that it would not be a relevant topic since the SEC dropped a separate case against Coinbase alleging the firm failed to register with the market watchdog.
 
The inquiry into Coinbase's "verified user" metric had continued even after the SEC abandoned its other lawsuit, the source said. The New York Times first reported the investigation into user data from past disclosures.
 
Coinbase shares extended losses after the report and were last down 6.5 percent.
 
"This is a holdover investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public," Coinbase's chief legal officer, Paul Grewal, said.
 
"While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close."
 
The agency declined to comment.
 
The latest developments come days before the company is set to join the benchmark S&P 500 index, casting a shadow over what was expected to be a landmark moment for the crypto industry.
 
Security remains a challenge for the crypto industry despite its growing mainstream acceptance. In February, Bybit disclosed a hack in which around $1.5 billion of digital tokens were stolen — widely dubbed the biggest crypto heist of all time.
 
The logo for Coinbase Global, the biggest U.S. cryptocurrency exchange, is displayed on the Nasdaq MarketSite jumbotron and others at Times Square in New York on April 14, 2021. [REUTERS/YONHAP]

The logo for Coinbase Global, the biggest U.S. cryptocurrency exchange, is displayed on the Nasdaq MarketSite jumbotron and others at Times Square in New York on April 14, 2021. [REUTERS/YONHAP]

 
"The cyberattack may push the industry to adopt stricter employee vetting and introduce some reputational risks," said Bo Pei, analyst at U.S. Tiger Securities.
 
Funds stolen by hacking crypto platforms totaled $2.2 billion in 2024, according to a report from Chainalysis.
 
"As our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks," said Nick Jones, founder of crypto firm Zumo.
 
The firm now also faces a lawsuit, filed in the Southern District of New York, alleging the world's largest crypto exchange failed to secure and safeguard personally identifiable information of millions of former and current customers, the filing showed.
 
Coinbase has refused to pay a ransom of $20 million to the attackers and is working with law enforcement agencies. It has instead established a $20 million reward for information on the hackers.
 
The company is also opening a new support hub in the United States and taking other measures to prevent such cyberattacks, it said.

Reuters
tags Coinbase cryptocurrency U.S. cyberattack

More in World

Iranians can shelter in mosques, schools and subways, government spokesperson says

Russian air attack damaged Boeing offices in Ukraine, FT reports

Israel's El Al cancels flights to and from many cities until June 23

Israeli military issues evacuation warnings to Iranians near weapons facilities

1 killed, 19 injured as a hot-air balloon crashes in central Turkey

Related Stories

Boom

North's hackers stole $316 million, says UN report

Hackers attempt to breach Korea's election commission: 'No damage occurred'

[Column] Beware the cheap coder

Crypto climbs
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
s
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)