- Coinbase filed a new form with the Maine Attorney General
- It confirmed when the attack happened and how many people were affected
- The company confirmed it is offering a bounty
We now know exactly how many people are affected by the recent Coinbase data breach: 69,461. The company confirmed the news in a new filing with the Maine Attorney General's Office. In the filing, the company said the attack took place at the end of December 2024 and that it was discovered months later, in mid-May 2025.
It also shared the data breach notice it is sending to affected people, in which it detailed what happened.
Apparently, threat actors bribed “a small number of individuals performing services for Coinbase” to get them to exfiltrate sensitive customer data.
Extortion and bounty
These individuals, who were allegedly fired afterwards, stole identity information (names, dates of birth, last four digits of Social Security numbers), masked bank account numbers and “some bank account identifiers”, addresses, phone numbers, email addresses, images of IDs, driver’s licenses and passports, and various account information (transaction history, balances, transfers and more).
The attackers then tried to extort Coinbase for $20 million in return for deleting the data. Coinbase not only refused the offer, but also doubled down on it, offering exactly the same amount, $20 million, to anyone who comes forward with actionable information on the attackers’ identities or whereabouts.
Previous reports from Pakinomist claimed the attack could cost Coinbase between $180 million and $400 million, citing a regulatory filing recently submitted by the company.
In addition to offering a $20 million bounty, Coinbase also promised to “make customers whole” by refunding anyone who can prove that they lost money following a social engineering attack made possible by the data stolen from the crypto exchange.
Coinbase also said it was working with law enforcement, and encouraged users to remain vigilant, create strong passwords, set up multi-factor authentication (MFA) and never share their login credentials with anyone.
Via TechCrunch



