The US Department of Justice (DOJ) is investigating how attackers infiltrated Coinbase in its recent customer data breach, Bloomberg News reported on May 19, citing a person familiar with the matter.
Coinbase chief legal officer Paul Grewal confirmed the company is cooperating with federal law enforcement and intends to pursue legal action against those responsible.
Grewal added that Coinbase is also working with “other US and international law enforcement agencies.”
A spokesperson for the exchange declined to comment further on the matter.
Extortion attempt and internal breach
Coinbase disclosed in a May 15 statement that attackers bribed third-party contractors and employees in India, who had privileged access to the firm’s internal support systems.
The breach affected less than 1% of its monthly active users and compromised names, contact details, identity documents, and partially masked financial information. Core infrastructure, such as private keys, authentication credentials, and cold wallets, remained uncompromised.
However, the internal data leak allowed the attackers to pose as Coinbase personnel, enabling subsequent social engineering scams that targeted customer accounts.
Coinbase CEO Brian Armstrong said the attackers demanded a $20 million ransom in Bitcoin. The company refused to pay the ransom and instead announced it would establish a $20 million reward fund for information leading to the identification and prosecution of the perpetrators.
Up to $400 million in remediation costs
Coinbase disclosed in a Form 8-K filing with the US Securities and Exchange Commission (SEC) that it is still assessing the full financial cost of the breach.
Preliminary estimates place remediation expenses and user reimbursements between $180 million and $400 million. The company said it would compensate all affected users and terminate the compromised individuals involved in the breach.
Security researcher ZachXBT has been monitoring phishing and social engineering schemes targeting Coinbase users. He recently attributed more than $300 million in annualized losses to similar attacks on the exchange’s customers.
Many of these attacks have leveraged impersonation tactics and extracted seed phrases through elaborate deception campaigns.
The DOJ probe marks an escalation in the response to what is now one of the most costly insider-related breaches in the crypto sector.