Cyberattack comes at bad time for US-based crypto exchange.
Speaking with BetaKit CEO Siri Agrell at Consensus 2025, Coinbase Canada CEO Lucas Matheson passionately argued that Canada’s newly elected Liberal government needs to embrace cryptocurrency—hours after his company revealed it was the latest Web3 victim of a potential multi-million-dollar cyberattack.
On stage, Matheson reiterated six Coinbase requests for policy and regulatory changes he said could help Canada become a global crypto leader, arguing that federal leadership needs to take crypto seriously or risk falling behind other nations. He cited the United States (US), which has become more crypto-friendly under President Donald Trump—re-elected partially with the help of tens of millions in donations from the industry—as one example.
“I really think there’s very few compelling reasons to be anti-crypto as a politician today,” Matheson said.
In a regulatory filing, Coinbase forecast a cost of between $180 million and $400 million USD to recover from the incident.
But the cyberattack Coinbase announced this morning undercuts that message. Coinbase revealed that on May 11, the US-based crypto exchange received an email from an unknown threat actor who claimed to have information about some customer accounts and internal documents, and demanded a $20-million USD blackmail ransom from Coinbase. In a regulatory filing, Coinbase forecast a cost of between $180 million and $400 million USD to recover from the incident.
Hacks and scams have long plagued the crypto industry. Suspected North Korean hackers drained a record $1.5 billion USD from the Dubai-based ByBit exchange earlier this year, while Binance, Ronin Network, and many others have been hit with attacks costing hundreds of millions.
Perpetrators targeted Coinbase customer support agents working overseas, using cash offers to convince a small group of insiders to gather customer info hackers could use to pretend to work for the crypto giant and convince its clients to hand over their crypto, Coinbase said. Some data, including names, addresses, and emails, was stolen from less than one percent of Coinbase’s monthly transacting users, but the company said hackers were not able to directly access login credentials, passwords, or funds.
Coinbase said it has fired the insiders responsible, declined to pay the ransom, and committed to reimbursing customers who were tricked into sending funds to the attackers. It also established a $20-million bounty for info leading to an arrest and conviction.
Matheson did not directly address Coinbase’s recent hack on stage, and Coinbase declined an interview request from BetaKit. But during a fireside discussion a bit later in the morning, Coinbase chief legal officer Paul Grewal spoke about the incident directly.
Grewal said Coinbase decided not to pay the ransom and announce it publicly to “so that all of us could understand in real time this common threat that we face from this global menace.”
“I think it’s critically important that we operate collectively as an industry—frankly, across industries—to share information, to work together with one another, and to make it clear to these actors that we will not be shaken down,” Grewal said.
For Coinbase, which has been advocating for policy and regulatory changes in both Canada and the US, the timing is unfortunate for both efforts. The disclosure comes days before the company is set to join the benchmark S&P 500 index—a landmark first for the crypto industry.
Coinbase has also advocated for more crypto-friendly policy and regulation through the Canadian chapter of Stand With Crypto, an initiative it helped spearhead. With members including Canadian firms like Dapper Labs, Newton, VirgoCX, and WonderFi, the group also tracks politicians’ stance on crypto.
RELATED: Vancouver byelection result threatens mayor’s “Bitcoin-friendly city” brand
Matheson’s policy requests call on the feds to launch a crypto task force, establish a Bitcoin reserve, remove securities regulation barriers for fiat-backed stablecoins, clearly define crypto, and make it easier to build large-scale crypto mining centres. He also asked the government to legislate reforms to allow banks to store crypto, update open banking to cover crypto, and prohibit banks from denying basic services to crypto companies.
Much of Coinbase’s wishlist is shared by the broader Canadian crypto and Web3 community. Some items are mirrored by the recommendations in the white paper that the Canadian Blockchain Consortium, which counts Coinbase as a member but represents players across the industry, published yesterday. Among other things, its 12-item list includes calls for the creation of a digital asset policy task force and stablecoin regulation it feels is appropriate.
Crypto industry leaders BetaKit spoke with at the Payments Canada Summit expressed interest in working with Canada’s new prime minister, Mark Carney, to advance the sector, but skepticism that he will bring much in the way of change given his past remarks about crypto and the more pressing priorities he faces given the Canada-US trade war.
As Shakepay senior policy manager Carlo Campisi told BetaKit last week, “There’s not a lot of proof to be overly optimistic.” He said he is expecting “a lot of the same,” but hopes he is wrong.
RELATED: Canadian Web3 regulations and Coinbase’s year in review
In an interview with BetaKit, Canadian Blockchain Consortium vice-president Jade Alberts said that in the crypto sector, regulation and transparency are particularly important, especially when events like the Coinbase hack occur. Alberts commended Coinbase for sharing information about the incident and the steps it has taken in response, including promising to reimburse customers who were impacted.
“I truly believe that transparency and [Coinbase’s response to the hack] is important, especially to build that trust as a digital asset community,” Alberts said.
Coinbase has already benefited from shifting attitudes south of the border towards crypto. But while the US Securities Exchange Commission (SEC) recently dropped an investigation into Coinbase for alleged securities law violations, it is still reportedly looking into whether the company misstated its user numbers in securities filings and marketing materials.
At the time of publication, Coinbase’s shares are down more than seven percent today on the Nasdaq following news of the cyberattack and ongoing SEC investigation.
Feature image courtesy Consensus by CoinDesk.