- Coinbase presented a new form before Maine’s attorney general
- Confirmed when the attack occurred and how many people were affected
- The company confirmed that it offers a reward
Now we know exactly how many people are affected by the recent violation of coinbase data: 69,461. The company confirmed the news in a new presentation before the Office of the Attorney General of Maine. In the presentation, the company said that the attack took place at the end of December 2024 and that it was seen months later, in mid -May 2025.
He also shared a data violation notification letter that is sending the affected people, in which he detailed what happened.
Apparently, the threat actors bribed “a small number of people who perform services for coinbase” to exfilt the data of the client confilos.
Extortion and rewards
These individuals, who were supposedly fired later, stole identity information (names, birth dates, last four digits of their social security numbers), masked bank account numbers and “some bank accounts identifiers”, addresses, telephone numbers, email addresses, ID images, driving licenses and passports and different information information (transaction history, balance, transfers, transfers and more).
Then, the attackers tried to extort Coinbase for $ 20 million, in exchange for deleting the data. Coinbase not only denied the offer, but also doubled, offering exactly the same sum: $ 20 million, to whom present processable information about the identities or whereabouts of the attackers.
The previous reports on PakGazette stated that the attack could cost coinbase between $ 180 million and $ 400 million, citing a regulatory presentation of the recently submitted company.
In addition to offering a $ 20 million reward, Coinbase also promised to “make customers complete,” reimbursement to anyone who could prove that he lost money after a social engineering attack made possible by the stolen data of cryptography exchange.
Coinbase also said he was working with the application of the law, and urged users to stay attentive, create safe passwords, configure multifactor authentication (MFA) and never share their login credentials with anyone.
Through Techcrunch
