Cybercrime escalates: NatWest and Coinbase reveal scale of attacks

The financial sector is confronting a surge in sophisticated cybercrime  threats, as two leading institutions – NatWest and Coinbase – reveal the staggering scale of digital attacks they face.

Cybercrime escalates

In recent testimonies and disclosures, both firms underscored the growing complexity of cybercrime, its financial ramifications, and the evolving role of artificial intelligence in online fraud.

NatWest – 100m per Month

Speaking before the Scottish Parliament’s Criminal Justice Committee, NatWest’s Head of Cybersecurity, Chris Ulliott, disclosed that the bank faces approximately 100 million cyberattack attempts each month.

These efforts, aimed at penetrating the bank’s defences, are complemented by a deluge of malicious emails – about one third of all inbound messages are blocked as potential threats.

“We analyse every single email coming into our estate,” Ulliott told MSPs.

“Millions are blocked monthly, as they are considered the first stage of an attempted cyberattack against our staff.”

The scale and persistence of these threats have prompted the bank to build a dedicated cybersecurity team comprising hundreds of specialists and supported by a multi-million-pound annual budget.

Police Scotland data reflects a parallel surge in broader digital crime, with recorded cyber offences rising from 7,710 in 2020 to 18,280 in 2024, a trend catalysed by the pandemic and now compounded by AI-driven deception.

Ulliott warned that fraudsters are increasingly using AI to personalise scams, including deepfake technology that can convincingly mimic a “trustworthy elderly British gent” during live video calls.

Coinbase – $400m

Meanwhile, US-based cryptocurrency exchange Coinbase is dealing with the aftermath of an internal data breach involving bribed contractors and employees.

In a filing with the Securities and Exchange Commission (SEC), the company revealed that attackers accessed a range of sensitive customer data, including partial social security numbers, government IDs, and masked bank account details.

While passwords and private keys remained secure, the fallout may cost the firm up to $400 million in customer reimbursements and remediation efforts.

The breach involved a $20 million ransom demand, which Coinbase refused.

Instead, the company has created a $20 million reward fund to incentivise information leading to the culprits’ arrest.

It is also tightening internal security protocols, enhancing ID verification for suspicious accounts, and working with global law enforcement to recover stolen assets.

These revelations underscore the financial sector’s (not to mention large Merchants) urgent need to reinforce cyber resilience.

With fraudsters becoming increasingly agile and technology-literate, institutions are being forced to adapt rapidly – investing not only in technology, but in culture, personnel, and cross-border cooperation – to defend against a threat that is both invisible and ever-evolving.