The United States Department of Justice (DOJ) has launched a criminal investigation into a recent cyberattack, which exposed sensitive internal documents and limited customer data.
Attack Uncovered After Ransom Demand
The incident first surfaced on May 11, when Coinbase received a message from an unidentified threat actor claiming to have obtained confidential internal documents and information linked to certain customer accounts. The attacker demanded a $20 million ransom in exchange for not releasing the compromised data. Coinbase refused to comply with the demand and instead offered a $20 million reward for credible information leading to the identification and capture of those responsible.
Minimal Impact Reported By Coinbase
According to Coinbase’s disclosure, the breach impacted less than 1% of its global customer base. The data obtained included personal details such as names, addresses, email IDs, account balances, partial Social Security numbers, and masked bank account details. Crucially, no customer funds, private keys, or login credentials were compromised, and the company’s Prime accounts remained unaffected.
Perpetrators Exploited Insider Bribery Tactics
Investigations so far suggest that the perpetrators managed to access sensitive data by bribing overseas support staff affiliated with Coinbase. This insider exploitation enabled unauthorized access to internal company documents and a subset of user accounts. The financial repercussions from the incident are projected to fall between $180 million and $400 million, though no customer assets were reportedly lost.
DOJ, Law Enforcement Agencies Actively Involved
Confirming the ongoing investigation, Coinbase’s Chief Legal Officer Paul Grewal stated,
“We have notified and are working with the DOJ and other US and international law enforcement agencies, and welcome law enforcement’s pursuit of criminal charges against these bad actors.”
Grewal emphasized that Coinbase itself is not the subject of the DOJ’s probe. This was corroborated by a source quoted by Reuters, who clarified,
“Coinbase is not under DOJ investigation, DOJ is investigating the criminal actors.”
The Department of Justice has yet to issue a public comment regarding the investigation.
Context of Crypto Exchange Breaches
While Coinbase has largely avoided large-scale hacks since its inception, the attack underscores the persistent vulnerability of crypto exchanges to security breaches and insider threats. Earlier this year, Bybit was targeted in a record-setting $1.5 billion theft, allegedly orchestrated by North Korea’s Lazarus Group through an exploit of its cold wallet systems. In 2022, Binance fell victim to a breach involving the unauthorized minting of 2 million BNB tokens, valued at approximately $570 million at the time.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice
Source: https://cryptodaily.co.uk/2025/05/us-department-of-justice-opens-criminal-probe-into-coinbase-cyberattack