Coinbase, one of the largest cryptocurrency exchanges in the world, has confirmed a serious data breach that exposed sensitive customer information. In a blog post and a regulatory filing with U.S. authorities, the company admitted that hackers accessed internal systems and stole personal data of users, including identity documents.
According to Coinbase, the attackers were able to access the data by paying off support agents working for the company overseas. These individuals were not direct employees of Coinbase but were part of third-party support operations. They abused their access to internal tools and copied information of less than 1% of Coinbase’s 9.7 million monthly transacting users.
Once they had the data, the criminals tried to extort Coinbase, demanding $20 million in exchange for not releasing the stolen information. Coinbase refused to pay the ransom and instead took immediate steps to investigate and contain the breach.
The stolen data includes Full names, phone numbers, postal address, email addresses, last four digits of Social Security numbers (masked), masked bank account numbers and some bank identifiers. The data also includes Government-issued IDs like driver’s licenses and passports, Account balance details, transaction histories, some internal corporate documents, training materials, and support communication
Despite the breach, Coinbase confirmed that the hackers did not get access to:
- User login credentials or two-factor authentication (2FA) codes
- Private keys
- Any ability to move or access funds
- Coinbase Prime accounts
- Cold or hot wallets belonging to Coinbase or its users
This means that while personal information was leaked, actual funds were not stolen from any account due to the breach.
Coinbase is voluntarily reimbursing retail users who were tricked into sending crypto to the attackers as part of social engineering scams linked to this incident. Affected users have already been contacted via email from [email protected] on May 15, 2025.
The company is also taking several steps to improve its security infrastructure. It launching a new support hub based in the U.S. and also adding stronger security checks for support staff. The company will also enforce extra identity verification for risky transactions. It is also increasing monitoring and security training across all teams.
Coinbase says it is committed to staying transparent. All affected users were notified, and updates will be shared as the investigation continues.
Instead of paying the ransom, Coinbase has created a $20 million reward fund for anyone who can provide information leading to the arrest and conviction of the attackers. Anyone with relevant details is asked to email [email protected].
The company is also working with partners to tag the crypto wallet addresses used by the attackers to help track and recover stolen assets.
If you are an existing Coinbase user, you need to follow these safety practices:
- Never share passwords or 2FA codes
- Do not move your funds to unknown or new wallets on anyone’s request
- Enable hardware key-based 2FA
- Use withdrawal allow-listing to control where funds can be sent
- Lock your account if anything feels suspicious, and report it
