Cryptocurrency company Coinbase says a recent cyberattack that targeted customer data is set to cost the firm as much as $400 million.
Coinbase says hackers used social engineering tactics to gain access to certain Coinbase support systems. "These insiders abused their access to customer support systems to steal the account data for a small subset of customers," or about 1% of monthly users. Coinbase says these bad actors could have then posed as the company itself and tricked customers into sending crypto payments.
Data lost in the hack includes names, addresses, phone and email information; partial social security and bank account numbers and images of government issued IDs such as driver's licenses. Coinbase says account credentials, private keys and access to customer funds were not compromised.
The hackers reportedly wanted $20 million from Coinbase — but Coinbase says it will not cooperate with that demand and will instead reimburse the targeted customers for any lost funds. It will offer $20 million in bounty funds for information that leads to arrest and conviction of any perpetrators.
RELATED STORY | FBI investigating a rise in cryptocurrency scams as popularity rises
In an SEC filing this week with more details of the cyberattack, Coinbase says it could end up paying as much as $400 million on reimbursement and remediation costs.
The attack comes as Coinbase is scheduled to join the S&P 500 in just a few days. It will begin trading on the index on Monday, May 19.
