What began as a vague estimate is now confirmed: the recent Coinbase data breach affected 69,461 U.S. customers, according to a mandatory disclosure filed with the Maine Attorney General. The breach, traced back to December 26, 2024, remained undetected for months and was only discovered on May 11, 2025—the same day Coinbase received a $20 million ransom demand.
Coinbase initially stated the breach impacted “less than one percent” of its monthly active users. But the updated filing reveals a broader and more serious case of insider wrongdoing, involving bribed customer-support contractors working overseas.
What Was Stolen?
The stolen data includes:
- Full names
- Postal and email addresses
- Phone numbers
- Last four digits of Social Security numbers
- Masked bank account details
- Scans of IDs (driver’s licenses and passports)
While no crypto funds were stolen, the exposed information is enough to power highly convincing phishing and identity theft scams.
How It Happened
According to Coinbase, a group of overseas contractors exploited their access by secretly exfiltrating customer data. These individuals were allegedly bribed by external threat actors, triggering what Coinbase calls an “insider incident.”
Coinbase’s internal security team only noticed the breach when abnormal data access patterns surfaced—just as the $20 million extortion attempt arrived. Despite this, the company refused to pay and launched a full-scale investigation.
Affected customers began receiving notification letters on May 30, and Coinbase is offering:
- One year of IDX credit monitoring
- $1 million in identity theft insurance
- Voluntary reimbursement for victims who lost funds due to phishing, pending claim validation
In a broader move to shore up defenses, Coinbase is:
- Launching a U.S.-based customer support hub
- Rolling out enhanced insider-threat monitoring systems
- Adding extra ID verification and scam warnings for high-risk withdrawals
In a recent SEC filing, Coinbase estimated the total cost of breach remediation and reimbursements to fall between $180 million and $400 million. The company emphasized that its core crypto systems—including Prime, hot wallets, and cold storage—were not compromised.
This incident underscores the growing threat of insider attacks in the digital asset sector. While Coinbase has managed to contain the fallout so far, the breach has raised serious questions about third-party risk, customer data security, and the resilience of support operations outsourced abroad.
