Coinbase Breach: Hackers Demand $20M, Exchange Offers Bounty Instead

Coinbase has confirmed a major cybersecurity breach that compromised sensitive customer data and internal systems. Instead of complying with the hackers’ demand for a $20 million ransom, the crypto exchange flipped the script and launched a public bounty. It now offers a reward of $20 million to anyone who can help identify and apprehend the perpetrators.

The incident occurred in late 2024 but was only publicly disclosed in May 2025. It involved the theft of portions of Coinbase’s proprietary source code and internal data. According to the company, the attackers did not steal any customer funds, but gained access through compromised employee credentials. The incident has sparked concern across the crypto sector, raising questions about insider threats and the resilience of even the most security-conscious platforms.

Update – May 21, 2025: New details have emerged about the Coinbase data breach, including insider involvement, legal fallout, and potential losses of up to $400 million. Read our latest coverage here https://crispybull.com/400m-fallout-coinbase-faces-backlash-after-data-breach/

A Bold Extortion Attempt

After infiltrating Coinbase’s systems, the threat actors reportedly demanded $20 million to prevent the release of the stolen data. Instead of entering negotiations, Coinbase refused the ransom and decided to go public. It shared details of the attack and offered a bounty of equal value to anyone providing actionable intelligence that leads to the identification or the arrest of the culprits.

The company emphasized that while customer assets remained secure, the breach represents a serious escalation in cybercriminals’ tactics targeting the digital asset industry. Coinbase said it has since taken “aggressive steps to harden infrastructure, rotate credentials, and reinforce internal security practices.”

FBI Joins Investigation

The FBI and the Department of Justice are now actively involved in the investigation. Law enforcement agencies have begun tracking the attackers’ digital footprints left behind. Officials are treating the case as a high-priority matter of cyber extortion and potential corporate espionage.

While Coinbase has not officially confirmed how the breach originated, reports from multiple sources suggest the attackers may have leveraged privileged employee access. Others have speculated on the possibility of insider involvement. If such a scenario were confirmed, that would complicate the response and heighten the need for internal auditing.

Bug Bounties vs. Ransomware

The case underscores a growing trend in which tech firms, particularly in the blockchain space, choose transparency and countermeasures over ransom payments. Coinbase’s decision to match the hackers’ demand with a bounty signals a shift in how crypto companies may tackle extortion in the future. They incentivize white-hat collaboration rather than giving in to criminal threats.

A Coinbase spokesperson stated, “We will not reward criminal behavior. Our focus is on accountability and reinforcing trust in our platform. We’re calling on the broader community to help us bring the perpetrators to justice.”

>>> Read more: Coinbase’s S&P 500 Entry Sparks Investor Enthusiasm

A Persistent Vulnerability in the Crypto Sector

While Coinbase’s response demonstrates a commitment to transparency and accountability, the broader pattern of recurring breaches in the cryptocurrency industry remains troubling. Despite ongoing investments in cybersecurity, critical vulnerabilities, whether technical or human, continue to be exploited. Until the industry moves beyond reactive measures and prioritizes structural resilience, high-profile incidents like this are likely to persist.