Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers.

No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched.

Coinbase said today it will reimburse customers who were tricked into sending funds to the attacker. The company is cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand it received.

Instead it is establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.

What the criminals got

• Name, address, phone, and email
• Masked Social Security (last 4 digits only)
• Masked bank account numbers and some bank account identifiers
• Government ID images (e.g., driver’s license, passport)
• Account data (balance snapshots and transaction history)
• Limited corporate data (including documents, training material, and communications available to support agents)

What they didn’t get

• Login credentials or 2FA codes
• Private keys
• Any ability to move or access customer funds
• Access to Coinbase Prime accounts
• Access to any Coinbase or Coinbase customer hot or cold wallets.