Key Takeaways:
- Coinbase was hit by a data breach involving insider help, affecting less than 1% of users. Stolen info was used in phishing scams.
- The company may pay up to $400 million to affected users. It also refused a $20 million ransom and offered a bounty to catch the hackers.
- The SEC reopened an investigation into how Coinbase used to report its user numbers, adding more pressure on the company.
- Coinbase stock dropped more than 7%, just days before it’s set to join the S&P 500 — the first crypto company to do so.
- Charts now show bearish signals, with indicators like MACD and RSI pointing to falling momentum.
- Crypto exchanges are no longer just defending — they’re actively teaming up to go after hackers and stolen funds.
- After losing $1.5 billion in a separate hack, Bybit responded by launching the Anti-Lazarus Initiative to fight back against cybercrime.
Cryptocurrency exchange Coinbase announced on May 15 that it expects to pay between $180 million and $400 million to compensate customers affected by a significant data breach.
Inside Job: Coinbase Support Team Compromised
According to the company’s official blog post and an SEC filing, the breach occurred after cybercriminals contacted and bribed a small group of overseas support agents to gain access to customer data. These rogue agents exploited their access to customer support tools to exfiltrate information on less than 1% of Coinbase’s monthly transacting users.
Phishing Attacks Leveraged Sensitive Customer Data
The compromised data included names, phone numbers, masked Social Security and bank account details, passport and ID images, transaction history, and limited internal documentation.
Coinbase stressed that no passwords, 2FA codes, or private keys were accessed, and Coinbase Prime accounts remained untouched.
Coinbase Compensation and Law Enforcement Response
The attackers launched phishing campaigns that tricked some customers into voluntarily transferring funds. Coinbase has pledged to reimburse those affected and has already begun notifying impacted users via email.
In its post, the company revealed that it had refused a $20 million extortion demand from the perpetrators and instead is offering a $20 million bounty for information leading to their arrest.
Currently, the company is working closely with international and U.S. law enforcement and has tagged known attacker wallet addresses in collaboration with industry partners.
Coinbase Responds with Enhanced Security Measures
The incident has triggered a reassessment of Coinbase’s internal security protocols.
In response to the breach, the firm is launching a new support center in the U.S., tightening insider threat detection, and implementing enhanced transaction monitoring and scam-awareness prompts.
Additionally, customers whose accounts were flagged now face additional ID verification for large withdrawals.
Early Warnings Surfaced Months Prior
Coinbase first became aware of these phishing campaigns earlier this year, following early warnings by crypto investigator ZachXBT, as shown below, who shared evidence of coordinated scams in February.
Bad Timing for Coinbase: Data Breach and SEC Heat Shake (COIN) Stock Ahead of S&P 500 Listing
Coinbase shares fell over 7% on May 15, closing at around $244, following news of the data breach.
Adding to investor concerns, the Securities and Exchange Commission (SEC) confirmed an ongoing investigation into Coinbase’s past disclosures of its “verified users” metric, which the company stopped reporting in 2022.
The breach and SEC scrutiny come at a difficult time for Coinbase, which is set to join the S&P 500 index on May 19, making it the first crypto-native company to enter the benchmark.
On May 13, the chart exhibits a bullish breakout, coinciding with Coinbase’s news regarding its inclusion in the S&P 500.
The move was characterized by an extended sequence of green candlesticks, a breach above the upper Bollinger Band, and elevated RSI levels—indicative of strong upside momentum and institutional buying pressure.
The data breach and the investigation witnessed a swift reversal beginning late May 14, marked by a series of bearish candles and a breakdown below the midline of the Bollinger Band.
Momentum indicators turned sharply negative, with the MACD crossing below the signal line and the RSI retreating from near-overbought conditions, signaling a deterioration in short-term sentiment and potential trend exhaustion.
Enough Is Enough: Crypto Platforms Wage War on Hackers
Coinbase’s rejection of a $20 million extortion reflects a growing trend among crypto platforms: standing their ground against cybercriminal pressure.
In February 2025, Dubai-based exchange Bybit was hit by a devastating breach, losing approximately $1.5 billion in Ethereum during a routine wallet transfer. The fallout was immediate, triggering over $4 billion in withdrawal requests as market confidence wavered.
To stay afloat, Bybit secured emergency liquidity from partners including Bitget and Antalpha. Subsequent investigations attributed the attack to the Lazarus Group, the North Korean hacking collective behind several major crypto heists.
Much like Coinbase, Bybit didn’t just attempt to manage the breach – it retaliated. The exchange launched the Anti-Lazarus Initiative, a security-focused alliance aimed at disrupting state-backed cybercrime in the crypto space.
The initiative brings together exchanges, blockchain analytics firms, and security researchers to share threat intelligence, deploy real-time monitoring systems, and strengthen collective defenses against coordinated attacks. Bybit’s response signals a shift in how exchanges handle breaches, moving from damage control to proactive resistance.
Similarly, KuCoin, following a significant hack in 2020, offered rewards of up to $100,000 to anyone who could provide valid information regarding the hack.
The exchange collaborated with other platforms and law enforcement agencies, successfully recovering a substantial portion of the stolen funds.
This collaborative approach underscored the industry’s commitment to not only recover from attacks but also to deter future threats through collective action.
Read More: Market Digest: BTC Rebounds to $104K, Tech Stocks Dip on Sell-Offs
