Coinbase Launches $20M Bounty Hunt After Failed $20M Bitcoin Extortion Attempt

Crypto exchange Coinbase has gone on the offensive, launching a $20 million bounty for information that leads to the capture and conviction of cybercriminals behind a bold blackmail scheme targeting its user database.

According to a new company blog post, a group of extortionists allegedly bribed overseas customer support contractors to gain access to a small fraction of user records—impacting less than 1% of Coinbase’s monthly active users. Once in possession of the data, the bad actors issued a chilling ultimatum: pay $20 million in Bitcoin or face a public leak of sensitive personal information, including customer names, home addresses, and government-issued identification.

Coinbase, however, refused to pay the ransom.

“No passwords, private keys, or user funds were compromised,” the company emphasized, noting that its Coinbase Prime institutional accounts remained untouched. Instead of yielding to the threats, the firm is turning the tables—offering a matching $20 million bounty to anyone who can help identify and bring the perpetrators to justice.

The San Francisco-based crypto giant has also involved law enforcement and pledged full reimbursement for affected users.

This isn't the first time Coinbase has faced a high-stakes extortion ploy. In 2022, the company offered a similar bounty in response to another attack. But the stakes are higher now, as social engineering attacks continue to plague the crypto industry. Investigative onchain analyst ZachXBT has tracked several such scams in recent months, in which Coinbase customers lost millions after being tricked by impostors posing as legitimate support agents.

Coinbase’s latest bounty marks a turning point in how the exchange plans to confront rising digital threats—not with silence, but with serious cash incentives and a commitment to transparency.