(Reuters) -Coinbase forecast a hit between $180 million and $400 million from a cyber attack that breached account data of a “small subset” of its customers, sending the crypto exchange’s shares down 3% in premarket trading on Thursday.
The company said it received an email from an unknown threat actor on May 11, claiming to have information about certain customer accounts as well as internal documents.
The disclosure comes days before the company is set to join the benchmark S&P 500 index, marking a landmark moment for the crypto industry.
Coinbase said that while the attackers stole some data including names, addresses and emails, they did not get access to login credentials or passwords. It will, however, reimburse the customers who were tricked into sending funds to the attackers.
The hackers had paid multiple contractors and employees working in support roles outside the U.S. to collect information from internal systems. Coinbase has fired the employees involved immediately, it said.
It also refused to pay the ransom demand of $20 million and is working with law enforcement agencies. It has instead established a $20 million reward for information on the attackers.
“Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident,” the company said in a blog post.
Security remains a challenge for the crypto industry. In February, Bybit disclosed that attackers had stolen digital tokens worth around $1.5 billion, which many called the biggest crypto heist of all time.
Funds stolen by hacking crypto platforms totaled $2.2 billion in 2024, according to a report from blockchain analysis firm Chainalysis, the fourth straight year where such hacks have topped more than $1 billion.
(Reporting by Niket Nishant in Bengaluru; Editing by Shinjini Ganguli)
