Who’s to Blame? Coinbase Faces Scrutiny Over Data Breach Response

A recent data breach disclosed by crypto exchange Coinbase has divided opinions on social media, with critics arguing that the exchange should have taken stronger measures to protect user data.

On May 15, US-headquartered Coinbase revealed that cybercriminals had bribed some overseas support agents and acquired personal data on customers. The criminals emailed Coinbase, demanding $20 million in exchange for not releasing the information.

Coinbase CEO Brian Armstrong responded to the attackers in a message on X, refusing to pay the ransom. Instead, he said the company would reimburse affected customers, relocate some customer operations, and offer a $20 million reward for information that could help lead to the attackers’ arrest.

Later, the US Department of Justice (DOJ) launched a formal investigation into the case. Although no customer accounts were directly hacked, the criminals could use the stolen data to impersonate Coinbase support agents and carry out social engineering attacks to steal funds.

TechCrunch Founder Michael Arrington Raises Alarm Over Human Risk in Coinbase Hack

Michael Arrington strongly criticized Coinbase over its recent data breach, warning that it could cost human lives, or may have already. He stated that hackers were able to access sensitive information, including home addresses and account balances.

The TechCrunch founder argued that customer reimbursement cannot make up for the human cost or undo the damage done.

Arrington expressed deep disappointment in Coinbase, saying that executives of any company failing to adequately protect customer data should face prison time. He also criticized Coinbase for opting for the cheapest customer service solution, saying it ultimately comes at a greater cost.

In the comments, Arrington further suggested that governments should reevaluate their KYC regulations to help prevent incidents like this.

“Forced to Collect Data”: Brian Armstrong Responds to Criticism 

In response to Arrington’s criticism, Brian Armstrong presented several arguments. First, he pointed out that customer information has not been published on dark web marketplaces. Armstrong argued that the hackers would have gained nothing even if they had acted, especially considering the $20 million bounty offered for information leading to their arrest.

Addressing claims that company executives should face jail time for data breaches, Armstrong noted that the issue is broader and affects government agencies as well, since no one can completely defend against cyber threats.

That said, Armstrong acknowledged the need for better KYC solutions.

“The better solution here is to focus on laws that require companies to store this information,” Armstrong said. “We don't want to collect it, and our customers hate it. We are being forced to collect it against our will. And it's not even effective at stopping crime, if you look at the data behind it.”

Spotlight on Coinbase's Customer Support

Alongside concerns about Coinbase’s security practices, users also criticized the overall quality of its customer support. Wildcat Finance founder Laurence Day jokingly remarked that he was surprised anyone from Customer Support was even online to be bribed.

Others, including WendyO, acknowledged Coinbase’s transparency but still pointed out ongoing support issues. Meanwhile, Venice founder Erik Voorhees defended the exchange, emphasizing that data collection is required by law.