Major cryptocurrency exchange Coinbase refuses to pay ransom of 2.9 billion yen despite customer data being stolen, with damages estimated to reach more than 60 billion yen

Coinbase, a major cryptocurrency exchange, has admitted that customer data, including government-issued ID documents, have been stolen by a third party. The criminals who stole the customer data are demanding a ransom of $20 million from Coinbase, which Coinbase has refused to pay.

Protecting Our Customers - Standing Up to Extortionists
https://www.coinbase.com/en-gb/blog/protecting-our-customers-standing-up-to-extortionists

Coinbase warns of up to $400 million hit from cyberattack | Reuters
https://www.reuters.com/business/coinbase-says-cyber-criminals-stole-account-data-some-customers-2025-05-15/

Coinbase says customers' personal information stolen in data breach | TechCrunch
https://techcrunch.com/2025/05/15/coinbase-says-customers-personal-information-stolen-in-data-breach/

Coinbase published a blog post titled 'Protecting Our Customers, Standing Up to Extortionists' on May 15, 2025. In the blog post, it was revealed that criminals had persuaded overseas customer support representatives to divulge data of Coinbase trading users by offering them cash.

Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on <1% of Coinbase MTUs. No passwords, private keys, or funds were exposed. Prime accounts are untouched. We will reimburse impacted customers. More here: https://t.co/SidVn59JCV

— Coinbase ????️ (@coinbase) May 15, 2025

The criminals demanded that Coinbase pay $20 million in exchange for covering up the leak of users' personal information, but Coinbase CEO Brian Armstrong said he declined.

https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0

— Brian Armstrong (@brian_armstrong) May 15, 2025

The personal information obtained by the criminals included users' names, addresses, phone numbers, email addresses, social security numbers (only the last four digits), bank account numbers, government-issued identification such as driver's licenses and passports, account data such as balances and transaction histories, and company data. However, login credentials, private keys, and access to wallets registered with Coinbase were not leaked.

Coinbase has vowed to immediately fire the employees who leaked users' personal information to the criminals, notify U.S. and international law enforcement agencies, and pursue criminal charges. In addition, in lieu of paying the $20 million ransom, Coinbase has promised to pay a $20 million reward for information leading to the arrest and conviction of the criminals.

We will pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.

— Coinbase ????️ (@coinbase) May 15, 2025

Coinbase said, 'Cryptocurrency adoption depends on trust, and we apologize to affected customers for any concern and inconvenience caused by this incident. We take responsibility when issues arise and continue to invest in world-class security defenses as it is how we protect our customers and keep the crypto economy safe.'

Coinbase spokesperson Natasha LaBranche told TechCrunch, an IT news site, that the number of affected customers is less than 1% of the 9.7 million monthly customers listed in the company's annual report for the fiscal year ending March 2025. Coinbase also estimates that the loss from the incident could range from $180 million to $400 million.