17 votes

Coinbase says cost of recent cyber-attack could reach $400m

9 comments

  1. [3]
    Bullmaestro
    Link
    The article doesn't really mention the scale of the cyberattack on Coinbase, nor what data was leaked. From the SEC filing itself.

    On May 11, 2025, Coinbase, Inc., a subsidiary of Coinbase Global, Inc. (“Coinbase” or the “Company”), received an email communication from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer-service and account-management systems. The communication demanded money in exchange for not publicly disclosing the information. The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities. These instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months. Upon discovery, the Company had immediately terminated the personnel involved and also implemented heightened fraud-monitoring protections and warned customers whose information was potentially accessed in order to prevent misuse of any compromised information. Since receipt of the email, the Company has assessed the email to be credible, and has concluded that these prior instances of improper data access were part of a single campaign (the “Incident”) that succeeded in taking data from internal systems. The Company has not paid the threat actor’s demand and is cooperating with law enforcement in the investigation of this Incident.

    The Incident did not involve the compromise of passwords or private keys, and at no time were any of the targeted contractors or employees able to access customer funds. While the Company is still investigating the affected data, it included:

    • Name, address, phone, and email;
    • Masked Social Security (last 4 digits only);
    • Masked bank-account numbers and some bank account identifiers;
    • Government‑ID images (e.g., driver’s license, passport);
    • Account data (balance snapshots and transaction history); and
    • Limited corporate data (including documents, training material, and communications available to support agents).

    TL;DR contractors and employees based overseas were bribed by cybercriminals into leaking data on users (likely those with significant crypto balances). And the data leaked on said users is absolutely substantial, suggesting poor data security and KYC practices.

    12 votes
    1. [2]
      skybrian
      Link Parent
      The company blog post is here. They say that less than 1% of customers were affected. The people affected should have gotten an email yesterday.

      5 votes
      1. Bullmaestro
        Link Parent
        I still imagine it's their most wealthy users.

        3 votes
  2. [5]
    ingannilo
    Link
    I knew there were hefty amounts of crypto being stolen, but the volumes claimed in the article, billions (in USD value) per year, is kind of shocking to me. That's a globally significant amount of wealth redistribution. I wonder where we are actually seeing those impacts... Cause we have to be seeing it.

    2 votes
    1. [3]
      TonesTones
      Link Parent
      As far as I understand, the primary use cases for cryptocurrency are crime and speculation, and people usually don’t speculate with billions.

      I suspect the victims of most of the theft are criminals themselves.

      2 votes
      1. Cycloneblaze
        Link Parent
        I'd like to point you towards victim impact reports from the Celsius bankruptcy. I'd say very many of the people using Coinbase to store their money as crypto are more of ordinary people.

        1 vote
      2. ingannilo
        Link Parent
        I dunno. Those volumes of wealth tend to impact communities regardless of their legality. Wealthy criminals spend, at least as much (if not more) than wealthy businessmen or whatever. That spending impacts all of the people running legitimate businesses the criminals might patronize.

        I'm also not so sure that btc is as criminal dense as it once was. Anyone with sufficient assets probably has some crypto portfolio at this point... Especially in the US where even the current political leadership is shilling their shit coins.

        I'd love to see a study on this. If we could geo-locate wallet owners to a county-sized area, without de-anonymising them, then look at wellness stats in those regions or something.

    2. skybrian
      Link Parent
      North Korea gets a good chunk of it.

      2 votes
  3. EgoEimi
    Link
    Code is law — until you need to go running to human law.

    2 votes