Coinbase Expects to Pay Up to $400M to Customers for Data Breach

Coinbase (COIN) expects to pay $180 million to $400 million to customers for the data breach on its platform.

The breach occurred on May 11, according to the firm. The bad actors were able to access customers personal details, such as name, address, phone number, and masked social security number.

"Based on facts that continue to evolve, the Company has preliminarily estimated expenses to be within the range of approximately $180 million to $400 million relating to remediation costs and voluntary customer reimbursements relating to this Incident," the exchange said in an SEC filing.

The crypto exchange said in a blog post that it will "reimburse customers who were tricked into sending funds to the attacker." It has also offered a $20 million bug bounty for anyone that provides information leading to an arrest.

The confirmation of cyber criminal activity comes three months after on-chain sleuth ZachXBT claimed that Coinbase users had lost $300 million to social engineering scams.

Coinbase also said that the criminals secured government ID images, account balances and corporate data. Two-factor authentication codes and private keys were not breached, it added.

The exchange fired staff involved in the breach on the spot and referred to U.S. and international law enforcement. It will also press criminal charges.

Coinbase did not immediately respond to CoinDesk's request for comment in regards to ZachXBT's $300 million claim.

UPDATE (May 15, 12:48 UTC): Updates headline, adds details on the breach.