Coinbase Faces DOJ Probe After $20M Ransom Demand

The US Department of Justice (DOJ) has launched an investigation into the recent data breach at Coinbase, focusing on how attackers infiltrated the company's systems. The probe comes after Coinbase disclosed that attackers bribed third-party contractors and employees in India, who had privileged access to the firm’s internal support systems. The breach affected less than 1% of its monthly active users, compromising names, contact details, identity documents, and partially masked financial information. However, core infrastructure such as private keys, authentication credentials, and cold wallets remained uncompromised.

Coinbase's chief legal officer, Paul Grewal, confirmed that the company is cooperating with federal law enforcement and intends to pursue legal action against those responsible. Grewal also mentioned that Coinbase is working with other US and international law enforcement agencies. A spokesperson for the exchange declined to comment further on the matter.

The internal data leak allowed the attackers to pose as Coinbase personnel, enabling subsequent social engineering scams that targeted customer accounts. Coinbase CEO Brian Armstrong revealed that the attackers demanded a $20 million ransom in Bitcoin. The company refused to pay the ransom and instead announced it would establish a $20 million reward fund for information leading to the identification and prosecution of the perpetrators.

In a Form 8-K filing with the US Securities and Exchange Commission (SEC), Coinbase disclosed that it is still assessing the full financial cost of the breach. Preliminary estimates place remediation expenses and user reimbursements between $180 million and $400 million. The company stated it would compensate all affected users and terminate the compromised individuals involved in the breach.

Security researcher ZachXBT has been monitoring phishing and social engineering schemes targeting Coinbase users. He recently attributed more than $300 million in annualized losses to similar attacks on the exchange’s customers. Many of these attacks have leveraged impersonation tactics and extracted seed phrases through elaborate deception campaigns.

The DOJ probe marks an escalation in the response to what is now one of the most costly insider-related breaches in the crypto sector. The investigation underscores the seriousness with which authorities are treating the incident and the potential legal consequences for those involved. Coinbase's proactive measures, including the establishment of a reward fund and cooperation with law enforcement, demonstrate the company's commitment to addressing the breach and protecting its users.