Coinbase: Transparency and strength in the face of attack

On May 11 2025, US cryptocurrency exchange Coinbase received an email from an unknown threat actor who claimed to have breached customer account data, and internal documents. 

As the situation unfolded over the following days, it became clear that cyber criminals had bribed a group of overseas Coinbase support agents to abuse their access to customer support systems, steal that customer data, and enable social engineering attacks. 

As reported by Coinbase itself, the criminals demanded a ransom of USD $20 million. 

But Coinbase said no. Instead, they made a video saying that instead of paying the ransom, the company will offer a $20 million bounty for any information that leads to the arrest of the attackers. 

Acting with transparency 

Last time we spoke to Philip Martin (CSO at Coinbase), we asked if he thinks cybersecurity leaders in the crypto space have a responsibility to be more transparent about how they work – in order to change public perceptions of cryptocurrency for the better. 

He said:

“While cryptocurrency has reached major milestones in the last few years, the truth is that it’s still early days where a lot of education and trust-building needs to happen. Security is the bedrock of trust. That’s why crypto leaders must be open about their security measures. By doing this, we can establish protocols and best practices that set the industry standard, and – more importantly – hold each other accountable.” 

And this month he’s living up to his word. 

Coinbase has made it clear that no passwords, private keys, or funds were exposed in the recent attack – and that any customers who were tricked into sending funds to the attacker will be reimbursed. 

In a statement, the company wrote: 

“Security and transparency are core to Coinbase. Consistent with that commitment, we’re publicly detailing an extortion attempt against us and our customers. Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident.”

That statement goes on to lay out the details of the attack and response clearly, in plain language, for every interested party to read. 

That transparency enables a strong response 

There’s no cover-up here. And because Coinbase is responding with transparency, the company is also able to respond with strength: being clear about why and how it’s responding to this attack with the goal of apprehending the criminals, rather than appeasing them. 

No company, in any sector, is immune to attack. 

But Coinbase is demonstrating the power of a transparent and strong response in real-time. The company is owning its vulnerabilities, acting fast to minimise the impact on customers (even at the company’s own expense), and working to prevent future attacks both by managing vulnerabilities and by cooperating with law enforcement to stop the attacker. 

Transparency builds trust. And it also lays the groundwork for a strong response – because nothing is happening in the dark. 

Martin told us, 

“...because scammers often operate across multiple online platforms, it’s crucial to avoid tunnel vision on just crypto. That’s why broader initiatives like Tech Against Scams and our work with law enforcement agencies are essential. By maintaining a collaborative approach across industries and between the public and private sector, we can better safeguard users across the entire digital landscape.”

That’s exactly what Coinbase is doing right now – safeguarding users into the future through clarity and collaboration.