The United States Department of Justice has initiated a criminal investigation into a recent cybersecurity breach at Coinbase Global Inc.
The inquiry, led by the DOJ’s criminal division in Washington, aims to uncover the events that enabled a group of actors to access user data through insider collusion. Coinbase disclosed that the breach stemmed from unauthorized access facilitated by the bribery of offshore customer service personnel.
The company stated the attack targeted its support operations in India, where certain employees and contractors allegedly accepted bribes to leak sensitive client information.
Criminal Actors Exploited Insider Access
Following an internal investigation, Coinbase confirmed that criminals persuaded support agents overseas to extract confidential user details. The breach, which the company labeled highly targeted, compromised fewer than 1% of the platform’s monthly transacting users.
Data exposed included personal identifiers such as full names, phone numbers, residential addresses, and banking details. However, Coinbase emphasized that login credentials, private cryptographic keys, and access to user wallets remained intact.
The situation escalated when the attackers demanded $20 million from Coinbase in exchange for withholding the stolen data from public exposure. Rather than complying, the company launched a full-scale investigation, declined the extortion attempt, and introduced a $20 million bounty to capture the perpetrators.
Insider Misconduct Detected Prior to the Breach
In the months before the incident, Coinbase reportedly identified irregular activity among offshore support agents. According to a corporate filing submitted last week, the firm had observed instances of non-U.S.-based customer service staff accessing internal systems and collecting client information without authorization. Following the discovery, Coinbase dismissed the implicated individuals from their positions.
Meanwhile, the platform notified regulators and international law enforcement agencies about the breach. Paul Grewal, Coinbase’s chief legal officer, stated that the firm proactively brought the matter to the attention of U.S. authorities and confirmed that it is not a subject of the investigation.
Uh, we told the authorities about the incident. We are not the subject of the investigation into the incident. Just sayin’— if facts matter pic.twitter.com/Ck3CBZ7Alg
— paulgrewal.eth (@iampaulgrewal) May 19, 2025
The firm’s cooperation with law enforcement efforts aimed at identifying and prosecuting the involved parties.
Estimated Financial Impact and Global Regulatory Response
Coinbase estimated the cost of mitigating the breach could reach up to $400 million. The financial toll reflects both the scale of the breach and the measures required to safeguard the platform from future insider threats.
Simultaneously, data regulators in the United Kingdom and Ireland acknowledged receiving reports from Coinbase about the breach. Both agencies stated they are currently assessing the situation.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
