Coinbase Data Breach – Customers Personal Info, Government‑ID & Account Data Exposed

Coinbase, the largest cryptocurrency exchange in the United States, has disclosed a significant cybersecurity incident that could cost the company up to $400 million.

The breach, revealed in a regulatory filing and confirmed by company officials, stemmed from a sophisticated insider campaign targeting the firm’s overseas support contractors and employees.

Coinbase Data Breach

On May 11, 2025, Coinbase received an email from an unknown threat actor claiming to possess sensitive customer account information and internal documentation, including materials related to customer service and account management systems.

The attacker demanded a $20 million ransom in exchange for not releasing the stolen data. Coinbase refused to pay the ransom and has since involved law enforcement agencies in the ongoing investigation.

The breach happened because several contractors and employees outside the United States were bribed. They were paid to steal data from Coinbase’s internal systems.

These individuals have since been terminated, and Coinbase has implemented heightened fraud monitoring and notified customers whose information may have been compromised.

Customers’ Personal Data Exposed

The company estimates that less than 1% of its monthly active users, approximately 100,000 customers, were affected by the breach. The stolen data includes:

• Names, addresses, phone numbers, and email addresses.
• Masked Social Security numbers (last four digits only).
• Masked bank account numbers and some banking identifiers.
• Images of government-issued IDs (e.g., driver’s licenses, passports).
• Account data, including balance snapshots and transaction history.
• Limited corporate data, such as documents and internal communications, is accessible to support agents.

Crucially, Coinbase confirmed that no passwords, private keys, or customer funds were accessed, and Coinbase Prime accounts remained untouched.

Coinbase has pledged to reimburse any customers who were deceived into sending funds to the attackers as a result of the incident.

The company is revamping its customer support operations, opening a new support center in the United States, and enhancing anti-fraud measures to prevent future breaches.

The preliminary financial impact is estimated between $180 million and $400 million, covering remediation costs and voluntary customer reimbursements.

This figure may change as the investigation continues and as potential losses, indemnification claims, or recoveries are assessed.

This breach comes at a critical time for Coinbase, just as it is set to join the S&P 500 index, and highlights the growing cybersecurity challenges facing the cryptocurrency sector as it attracts increasingly sophisticated attacks.

Coinbase CEO Brian Armstrong has publicly apologized for the distress caused and reaffirmed the company’s commitment to customer security, transparency, and aggressive pursuit of those responsible.