Grewal added that Coinbase is also working with “other US and international law enforcement agencies.”
A spokesperson for the exchange declined to comment further on the matter.
The breach affected less than 1% of its monthly active users and compromised names, contact details, identity documents, and partially masked financial information. Core infrastructure, such as private keys, authentication credentials, and cold wallets, remained uncompromised.
However, the internal data leak allowed the attackers to pose as Coinbase personnel, enabling subsequent social engineering scams that targeted customer accounts.
Preliminary estimates place remediation expenses and user reimbursements between $180 million and $400 million. The company said it would compensate all affected users and terminate the compromised individuals involved in the breach.
Many of these attacks have leveraged impersonation tactics and extracted seed phrases through elaborate deception campaigns.
The DOJ probe marks an escalation in the response to what is now one of the most costly insider-related breaches in the crypto sector.
