The United States Justice Department has launched an investigation into last week’s security breach at Coinbase Global, one of the country’s biggest cryptocurrency exchanges.
According to Bloomberg, sources say prosecutors in the department’s criminal division in Washington are looking at how the break-in happened. The breach was made public late last week when Coinbase filed fresh details with regulators. Coinbase earlier stated that criminals bribed employees and contractors in India to pull customer data from inside the company’s systems.
“We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors,” Coinbase’s chief legal officer, Paul Grewal, said in a statement. The company also revealed that the hackers pressured customer service staff, stole the data, and then demanded a ransom of $20 million. Coinbase reported that it received the anonymous demand by email on May 11.
In its filing last week, the firm said that, in the months before that message arrived, it had spotted several overseas support agents pulling information from its internal network. According to the company, the workers, based outside the United States, have since been dismissed. Coinbase warned that the episode could cost as much as USD 400 million to fix. Investigators say the thieves used a social engineering attack, which relies on tricking people rather than breaking computer code.
Coinbase hackers reportedly targeted executives
One of the victims, according to a person familiar with the incident, was Roelof Botha, a managing partner at Sequoia Capital. The source, who spoke under anonymity, said data linked to Botha’s Coinbase account, including his phone number, home address, and other personal details, was exposed.
Botha is a part of the widely known “PayPal Mafia,” a circle of former PayPal executives that also includes Peter Thiel and Elon Musk. He joined Sequoia in 2003 and backed early rounds in YouTube and Instagram. In 2022, he became the venture firm’s senior steward.
The hack happened only days before Coinbase was set to enter the benchmark S&P 500 index, a milestone for the crypto field. News of its upcoming inclusion, along with a positive review from analysts, sent the stock up 20% after the announcement.
The breach underlines how the exchange’s growing profile has drawn the attention of cyber criminals, even as Wall Street grows more comfortable with companies tied to digital assets. Officials say the investigation remains active and could take several months.