Coinbase CEO Responds with, “No, We are Not Going to Pay Your Ransom,” Offers $20M for Information on Hackers Instead

• Hackers demanded a $20 million ransom from Coinbase after stealing its data
• The CEO of the company denied succumbing to the threat actors' demands in a public statement 
• They are offering $20M to any informant giving tips leading to the arrest of the culprit

The CEO of cryptocurrency platform Coinbase made a brave public statement saying no to ransom payment after facing extortion and data leak threats in the hands of cybercriminals. Investor and billionaire Brian Armstrong posted a video of himself addressing a ‘disturbing’ email sent to Coinbase with a ransom note.

He said, “It was a ransom note demanding $20 million in Bitcoin in exchange for these attackers not releasing some information they claim to have obtained on our customers.”

The company‘s 8-K report noted that it received a ransom note on May 11, 2025. The identity of the threat actor is unknown at the moment.

Information from Coinbase’s account management systems was compromised. Armstrong detailed that the company investigated and found that cybercriminals, looking for a ‘weak link’ or someone they could bribe, found individuals they bribed to get personal account information of Coinbase’s Monthly Transacting Users (MTUs).

They also recruited Coinbase’s overseas support agents. They wanted customers’ data. However, the company’s support tools do not have complete access to it. 

Hence, this effort did not yield results or expose passwords, private keys, or funds, Armstrong confirmed.

However, they do have access to personal information, like name, date of birth, and address, which the hackers accessed. This could be used for launching social engineering attacks, contacting customers impersonating tech support for KYC, urging them to transfer funds, or revealing account information, leading to financial losses.

An announcement by Coinbase added that the last four digits of masked Social Security numbers, masked bank account numbers, and certain bank account identifiers were compromised. 

They also accessed images of government IDs like passports and driver’s licenses. Limited corporate data, including communications and training material, is suspected to have been exposed to hackers.

“Now, unfortunately, they were able to find a few bad apples,” Armstrong continued. He further shared that their systems are designed to mitigate such data access.

Threat actors gained access to less than 1% of their monthly transacting users. The company has announced reimbursals and has notified impacted customers bout their data being accessed by hackers.

To prevent similar threats, the company is going to rework its customer support systems. They are also relocating some of their customer support operations to tighten their infrastructure. 

The company maintained a clear and firm stand of not encouraging or yielding to the hackers’ demands. "We’re turning it around, and we’re putting out a $20 million award for any information leading to the arrest and conviction of these attackers,” Armstrong further added, “And now you have my answer!”

They have created an example of resilience in the face of adversity and have warned hackers that law enforcement will prosecute and bring them to justice. How the hackers respond to it remains to be seen!