(Bloomberg) -- The US Justice Department has opened a probe into a recent breach at the leading cryptocurrency exchange Coinbase Global Inc., according to a person familiar with the matter.

Most Read from Bloomberg

America, ‘Nation of Porches’ NJ Transit Train Engineers Strike, Disrupting Travel to NYC NYC Commuters Brace for Chaos as NJ Transit Strike Looms NJ Transit Makes Deal With Engineers, Ending Three-Day Strike

Investigators, including those in the department’s criminal division in Washington, are digging into the circumstances surrounding the breach, said the person, who asked not to be identified discussing the investigation. Coinbase has said the hack involved criminals bribing employees and contractors in India to obtain client data.

A representative for the Justice Department declined to comment.

Coinbase brought the incident to the attention of authorities and the company itself is not under DOJ investigation, said Paul Grewal, the company’s chief legal officer.

“We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors,” Grewal said. UK and Irish data regulators said they are “assessing” the situation after receiving reports from Coinbase.

The largest US crypto exchange disclosed on Thursday that hackers bribed customer representatives to steal the data and then asked for $20 million in ransom to cover it up. Coinbase said in the filing that it received an anonymous email from the hackers making the ransom demand on May 11.

In its filing last week, Coinbase added that in the months leading up to that email it had detected instances of customer support agents outside of the US collecting data from internal Coinbase systems. Those people have been fired, Coinbase said. The company estimated the incident could cost the firm as much as $400 million to remedy.

The perpetrators deployed what’s called social engineering attacks — where criminals use people to gain unauthorized access to data, rather than exploiting flaws in computer code. The thieves, armed with information that included users’ names, addresses, phone numbers, government-issued ID images and other information, aimed the social-engineering attacks directly at Coinbase’s customers.

--With assistance from Emily Nicolle.

(Adds further comment from company’s lawyer in fourth paragraph and background throughout.)

Most Read from Bloomberg Businessweek

Why Apple Still Hasn’t Cracked AI Anthropic Is Trying to Win the AI Race Without Losing Its Soul Microsoft’s CEO on How AI Will Remake Every Company, Including His Cartoon Network’s Last Gasp DeepSeek’s ‘Tech Madman’ Founder Is Threatening US Dominance in AI Race

©2025 Bloomberg L.P.

View Comments