![[The AI Show Episode 147]: OpenAI Abandons For-Profit Plan, AI College Cheating Epidemic, Apple Says AI Will Replace Search Engines & HubSpot’s AI-First Scorecard](https://www.marketingaiinstitute.com/hubfs/ep%20147%20cover.png)
![How to Enable Remote Access on Windows 10 [Allow RDP]](https://bigdataanalyticsnews.com/wp-content/uploads/2025/05/remote-access-windows.jpg)
![[DEALS] The 2025 Ultimate GenAI Masterclass Bundle (87% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Legends Reborn tier list of best heroes for each class [May 2025]](https://media.pocketgamer.com/artwork/na-33360-1656320479/pg-magnum-quest-fi-1.jpeg?#)
-Olekcii_Mach_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Apple using sketchy warning for apps bought using third-party payment systems [Updated]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/05/Apple-using-scary-looking-warning-for-apps-bought-using-third-party-payment-systems.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Watch Aston Martin and Top Gear Show Off Apple CarPlay Ultra [Video]](https://www.iclarified.com/images/news/97336/97336/97336-640.jpg)
Coinbase cyberattack: What users need to know about stolen customer data, password security, and more in $400 million incident
Stock in Coinbase (COIN), the largest U.S.-based cryptocurrency exchange, fell more than 8% Thursday on news it was the victim of a cyberattack, in which hackers successfully bribed overseas contractors to leak important information so they could steal customer data. The company estimates it could cost $400 million to resolve the situation. While investors may be concerned, Coinbase customers undoubtedly are as well. Here’s what users of the crypto exchange need to know. What happened? Coinbase reported in a Securities and Exchange Commission (SEC) filing that on May 11, it received an email from an entity claiming to have obtained information about certain Coinbase customer accounts and internal Coinbase documentation—including materials relating to customer-service and account-management systems. The filing said hackers sent an email threatening to publish customers’ personal data if Coinbase did not pay a $20 million ransom, which CEO Brian Armstrong confirmed on X was specifically for “$20 million in Bitcoin.” According to the SEC filing, Coinbase learned the cybercriminals obtained the data by paying off multiple overseas contractors or employees working in support roles. Once detected, Coinbase immediately terminated those involved. Coinbase said it did not pay the ransom and has been working with law enforcement to investigate the breach. It’s establishing a $20 million reward for information leading to the arrest and conviction of those responsible for the attack. Was my Coinbase password or private key leaked in the attack? No. The SEC filing said the data breach did not compromise customer passwords or private keys. Were my Coinbase funds exposed in the attack? According to the SEC filing, neither “targeted contractors” nor “employees” were able to access customer funds. What about Coinbase customer data like my email, address, and phone number? Yes, according to Coinbase’s blog, the following personal information was compromised: Name, address, phone, and email Masked Social Security (last 4 digits only) Masked bank‑account numbers and some bank account identifiers Government‑ID images (e.g., driver’s license, passport) Account data (balance snapshots and transaction history) Limited corporate data (including documents, training materials, and communications available to support agents) How can I protect myself? Coinbase told Fast Company: “Expect impostors. Scammers—related to this incident or not—may pose as Coinbase employees and try to pressure you into moving your funds.” Additionally, the company outlined what customers can do in this post. What should I do if I receive a phone call, text, or request from Coinbase? A Coinbase spokesperson told Fast Company: “If you receive this call, hang up the phone. Coinbase will never ask you to contact an unknown number to reach us.” Again, remember, Coinbase will never call or text, or ask for your password or two-factor authentication (2FA) codes, or for you to transfer assets to a specific or new address, account, vault, or wallet. I think my Coinbase information was leaked in the cyberattack. What should I do? Coinbase said it will reimburse customers who were tricked into sending funds to the attacker due to social engineering attacks. If your data was accessed, you should have already received an email; notifications were sent Wednesday, May 15, at 7:20 a.m. ET to affected customers. Flagged accounts now require additional ID checks on large withdrawals and include mandatory scam‑awareness prompts. As Coinbase monitors high-risk transactions, customers may experience delays. The company said it is opening a new support hub in the U.S., adding stronger security controls and monitoring across all locations, and will keep the community updated as the investigation progresses.
Stock in Coinbase (COIN), the largest U.S.-based cryptocurrency exchange, fell more than 8% Thursday on news it was the victim of a cyberattack, in which hackers successfully bribed overseas contractors to leak important information so they could steal customer data. The company estimates it could cost $400 million to resolve the situation.
While investors may be concerned, Coinbase customers undoubtedly are as well. Here’s what users of the crypto exchange need to know.
What happened?
Coinbase reported in a Securities and Exchange Commission (SEC) filing that on May 11, it received an email from an entity claiming to have obtained information about certain Coinbase customer accounts and internal Coinbase documentation—including materials relating to customer-service and account-management systems.
The filing said hackers sent an email threatening to publish customers’ personal data if Coinbase did not pay a $20 million ransom, which CEO Brian Armstrong confirmed on X was specifically for “$20 million in Bitcoin.” According to the SEC filing, Coinbase learned the cybercriminals obtained the data by paying off multiple overseas contractors or employees working in support roles. Once detected, Coinbase immediately terminated those involved.
Coinbase said it did not pay the ransom and has been working with law enforcement to investigate the breach. It’s establishing a $20 million reward for information leading to the arrest and conviction of those responsible for the attack.
Was my Coinbase password or private key leaked in the attack?
No. The SEC filing said the data breach did not compromise customer passwords or private keys.
Were my Coinbase funds exposed in the attack?
According to the SEC filing, neither “targeted contractors” nor “employees” were able to access customer funds.
What about Coinbase customer data like my email, address, and phone number?
Yes, according to Coinbase’s blog, the following personal information was compromised:
- Name, address, phone, and email
- Masked Social Security (last 4 digits only)
- Masked bank‑account numbers and some bank account identifiers
- Government‑ID images (e.g., driver’s license, passport)
- Account data (balance snapshots and transaction history)
- Limited corporate data (including documents, training materials, and communications available to support agents)
How can I protect myself?
Coinbase told Fast Company: “Expect impostors. Scammers—related to this incident or not—may pose as Coinbase employees and try to pressure you into moving your funds.”
Additionally, the company outlined what customers can do in this post.
What should I do if I receive a phone call, text, or request from Coinbase?
A Coinbase spokesperson told Fast Company: “If you receive this call, hang up the phone. Coinbase will never ask you to contact an unknown number to reach us.”
Again, remember, Coinbase will never call or text, or ask for your password or two-factor authentication (2FA) codes, or for you to transfer assets to a specific or new address, account, vault, or wallet.
I think my Coinbase information was leaked in the cyberattack. What should I do?
Coinbase said it will reimburse customers who were tricked into sending funds to the attacker due to social engineering attacks.
If your data was accessed, you should have already received an email; notifications were sent Wednesday, May 15, at 7:20 a.m. ET to affected customers.
Flagged accounts now require additional ID checks on large withdrawals and include mandatory scam‑awareness prompts. As Coinbase monitors high-risk transactions, customers may experience delays.
The company said it is opening a new support hub in the U.S., adding stronger security controls and monitoring across all locations, and will keep the community updated as the investigation progresses.
