Cybercriminals infiltrated Coinbase's data security systems in a breach that persisted from December 26, 2024, until its detection on May 11, 2025. This incident, involving approximately 69,461 users, was later publicized by Coinbase on May 15, 2025, through an SEC Form 8-K filing.
The breach resulted from an insider threat: overseas customer support staff were bribed to facilitate unauthorized access to sensitive data, allowing attackers to operate undetected for several months. The compromised data included personal identification information such as names, addresses, phone numbers, email addresses, and partial Social Security numbers. The attackers also accessed masked bank account numbers and documents containing images of government-issued IDs. Coinbase account information, comprising balance snapshots and transaction histories, was likewise exposed, though essential information like user passwords, seed phrases, and private keys remained secure.
Following the breach, Coinbase acted decisively to suspend and terminate the implicated staff, reinforcing its commitment to cybersecurity. Coinbase has offered a $1 million insurance reimbursement policy to assist users affected by the breach. Similar to Norton’s dark web monitoring capabilities, Coinbase implemented enhanced security measures to prevent future unauthorized access.
Following the extortion attempt, in which the criminals demanded a $20 million ransom, Coinbase refused to comply and instead offered a $20 million bounty for information leading to the arrest of the perpetrators. Affected users received direct communications detailing the breach and instructions for protective measures, including one year of complimentary credit monitoring and identity theft protection via IDX, which incorporates identity restoration, dark web monitoring, and $1 million insurance reimbursement.
In response to the incident, Coinbase is collaborating with the US Department of Justice alongside international law enforcement agencies to further examine the breach. Nevertheless, the company faces significant legal repercussions, with lawsuits filed in multiple states alleging inadequate security. Plaintiffs are seeking monetary damages, data purging, and independent security audits, indicating broader regulatory scrutiny. As investigations unfold, Coinbase’s commitment to improving security measures remains at the forefront of its operational strategy.