How Bribery at a Vendor Led to Coinbase Extortion Incident
🔒 In early May 2025 Coinbase disclosed that attackers had extorted the company after bribing employees at an outsourced support provider in India to acquire customer and internal data. The theft affected roughly 1% of monthly active users — about 70,000 people — and exposed information useful for social engineering, though no private keys or wallet credentials were taken. Coinbase refused a $20 million ransom, posted a matching bounty, pledged customer reimbursement, flagged suspect blockchain addresses, dismissed implicated vendor staff, and ended the vendor relationship.
