Coinbase, one of the largest cryptocurrency companies in the world, estimates that a recent cyberattack would cost it up to $400 million (£301 million).

According to the company, hackers contacted it and said they had access to client data that they had acquired by paying Coinbase workers and contractors. According to Coinbase, the crooks were able to obtain “less than 1%” of its client data, which they then utilized to pose as the company and fool users into giving over their cryptocurrency.

In order to keep silent, the organization then requested $20 million from Coinbase; however, Coinbase declined to pay the bribe and instead pledged to reimburse all victims of the scam.

The company’s share price dropped 4.1% as a result of the disclosure. The United States Securities and Exchange Commission (SEC) has taken notice of the event and is looking into whether Coinbase misled user data in previous disclosures. The business, however, rejected any investigation into its compliance with know-your-customer (KYC) laws.

Following the revelation, Coinbase’s shares dropped more than 7%, further harming the company’s credibility as it gets ready for a significant stock market milestone. According to blockchain analytics company Chainalysis, the digital asset industry saw an estimated $2.2 billion in stolen cash in 2024, and the cyberattack reflects these expanding concerns.

According to Coinbase, it has fired the affected employees, is collaborating with law enforcement, and plans to strengthen internal controls, including the establishment of a new service center in the US.

The Harsh Penalties

An “unknown threat actor” sent the company an email on May 11, according to the company.

In its statement, it said,

“We will reimburse customers who were tricked into sending funds to the attacker. We will not pay the $20 million ransom demand we received, and we are working closely with law enforcement to pursue the most severe penalties possible.”

“Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.”

It provided a cost estimate of $180 million to $400 million in a filing with the US Securities and Exchange Commission. Coinbase warned its users to remain alert and to anticipate more fraudster efforts in the future. Additionally, it advised users to lock their accounts if they had any suspicions.