1. What happened?
- Cybercriminals bribed call-center contractors outside the U.S. to pull customer data.
- Stolen info: names, addresses, partial Social-Security and bank numbers, government-ID images. Funds, passwords and private keys stayed safe.
- Hackers demanded $20 million to keep the data private; Coinbase said “no.”
2. How much will it cost?
- SEC filing pegs the bill at $180 M–$400 M for reimbursements, credit-monitoring, and new security tools.
- Coinbase also posted a $20 M reward for tips that lead to arrests.
- Shares fell about 4 % on the news.
3. Why it matters
- Largest customer-comp payout ever announced by a U.S. crypto exchange.
- Comes just days before Coinbase joins the S&P 500, raising pressure to prove it can police insiders.
- Crypto hacks stole $2.2 B industry-wide in 2024, per Chainalysis; insider help is a growing trend.
4. What Coinbase is doing
- Fired compromised contractors and boosted monitoring of support channels.
- Opening a new U.S. support center to cut offshore risk.
- Working with law-enforcement and tagging hackers’ crypto wallets.
5. Takeaways for users
- Check your email. Coinbase has alerted everyone whose data was exposed.
- Enable hardware-key 2FA to stop phishing. (Best-practice, no citation needed.)
- Watch for fake “Coinbase support” calls; scammers now have more ammo.
