Criminal probe launched into Coinbase data theft following $400m breach

The US Department of Justice has launched an investigation into a recent cyberattack on Coinbase Global, the world's largest cryptocurrency exchange, following a data breach that exposed customer information.

Coinbase reported receiving an email from unknown threat actors on 11 May, claiming to possess information about certain customer accounts and internal documents. The company expects financial losses between $180 million and $400 million as a result of the breach.

"We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement's pursuit of criminal charges against these bad actors," said Paul Grewal, chief legal officer at Coinbase.

According to sources familiar with the matter, Coinbase itself is not under investigation. "Coinbase is not under DOJ investigation, DOJ is investigating the criminal actors," a source told Reuters on Monday.

The cybercriminals reportedly employed a social engineering attack, bribing customer representatives based in India to collect data from internal Coinbase systems. These employees have since been dismissed. The hackers subsequently demanded a $20 million ransom to prevent public disclosure of the stolen information.

Coinbase has confirmed that while attackers managed to steal some data, including names, addresses and emails, they did not gain access to login credentials or passwords. The cryptocurrency exchange disclosed the breach publicly last Thursday.

Justice Department investigators, including those from the department's criminal division in Washington, are now examining the circumstances surrounding the breach, according to Bloomberg sources.

The cyberattack represents one of the most significant data breaches in the cryptocurrency sector this year, highlighting ongoing security challenges faced by digital asset platforms despite increased regulatory scrutiny.



Share Story:

Recent Stories


Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.

Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.

Unleashing generative AI: A force multiplier for financial crime teams
This FStech webinar, sponsored by NICE Actimize sees industry experts examine the revolutionary impact of generative AI on financial crime operations, and provides actionable insights to enhance your compliance strategies.