TLDR
- DOJ Launches Criminal Probe into $20M Coinbase Hack
- Coinbase Hack Affects Less Than 1% of Users
- Remediation Costs Could Hit $400M
- COIN Stock Dips on Security Breach Concerns
- Core Systems Remain Secure Post-Attack
A criminal investigation is underway after a cyberattack targeted Coinbase Global Inc., with hackers demanding a $20 million ransom. The U.S. Department of Justice (DOJ) is leading the probe, supported by its criminal division in Washington. Coinbase confirmed the breach affected less than 1% of its user base but did not involve any financial losses.
Hackers Attempt $20M Ransom Over Stolen User Data
The cyberattack aimed to extort Coinbase into paying $20 million to prevent the release of sensitive customer data. While Coinbase detected the intrusion early, the attackers accessed limited personal data, which did not include private keys or login credentials. Despite no financial impact on users, Coinbase anticipates significant remediation expenses.
DOJ probes Coinbase cyberattack involving $20M extortion attempt
The U.S. Department of Justice (DOJ), including its criminal division in Washington, is investigating a cyberattack on @coinbase Exchange in which hackers attempted to extort $20 million to prevent the release of…
— CoinNess Global (@CoinnessGL) May 19, 2025
The breach’s financial toll could reach between $180 million and $400 million, driven by security upgrades and customer support efforts. Consequently, the company may also provide voluntary reimbursements to reassure its user base and protect brand integrity. Coinbase also works closely with domestic and international law enforcement to support ongoing investigations.
The DOJ has opened a criminal probe to trace the perpetrators, supported by cybersecurity experts and legal investigators. Coinbase cooperates with authorities, enabling access to forensic data and internal findings. Hence, the investigation is progressing swiftly under the DOJ’s oversight.
Coinbase Confirms No Funds or Private Keys Were Compromised
Coinbase clarified that its core infrastructure remained intact throughout the attack, shielding funds and private keys from exposure. The exchange’s multi-layered security protocols reportedly prevented attackers from accessing the deeper system. Additionally, no trading or wallet operations were disrupted during the incident.
Although less than 1% of users were affected, Coinbase began notifying impacted individuals and reinforcing account protections. The company aims to reassure customers through transparency and prompt communication. Furthermore, the security team has reviewed and enhanced detection tools to prevent recurrence.
Internal assessments indicate the breach exploited a third-party vulnerability, which has been patched. Technical audits continue to evaluate other potential weaknesses. As a precaution, Coinbase has also launched an internal review of all vendor-related access points.
COIN Shares Slip Following Incident and DOJ Investigation
Coinbase stock opened lower on May 19 and briefly surged in the early session, reaching an intraday high of $266.46. However, investor concerns resurfaced, driving the stock to close at $263.99, down 0.93% from the previous close. After-hours trading pushed the price further down to $263.03, reflecting continued pressure.
The market responded cautiously as investors weighed the potential financial impact and the DOJ’s ongoing investigation. Analysts noted that uncertainty around legal outcomes and remediation costs may keep COIN shares volatile in the near term. However, some maintained a long-term outlook based on Coinbase’s strong user base and compliance record.
Coinbase’s legal and security teams are working to contain the fallout while maintaining operations and platform stability. The company has not announced any platform outages or service disruptions since the breach. Nevertheless, investor sentiment may remain fragile as the investigation unfolds
