Coinbase confirms data breach affected over 69,000 customers, cites insider compromise

Cryptocurrency exchange Coinbase has confirmed that at least 69,461 customers had personal and financial information stolen in a months-long data breach, which the company disclosed last week.

The breach, which involved insider bribery, has raised serious concerns about the security of sensitive user data in the digital asset industry.

In a filing with the Maine Attorney General’s Office, as required under the state’s data breach notification law, Coinbase said the breach occurred between December 26, 2024, and continued until early May 2025. The company reportedly became aware of the intrusion after receiving a “credible” ransom note from a hacker demanding $20 million in exchange for deleting the stolen data.

Coinbase said it refused to pay the ransom.

In a blog post detailing the incident, Coinbase revealed that the attacker bribed customer support employees over several months to gain access to internal systems and customer data. The stolen information includes customer names, email and postal addresses, phone numbers, government-issued IDs, account balances, and transaction histories—raising concerns that high-net-worth individuals could now be targeted.

The company did not disclose how many support workers may have been compromised or whether disciplinary or legal actions have been taken. It also did not confirm whether any funds were stolen, focusing instead on the data exposure.

Coinbase said it is working with law enforcement and cybersecurity experts to investigate the breach and has notified affected users. The exchange emphasized that customer funds remain safe and accessible, though it acknowledged the seriousness of the data theft.

The incident underscores growing cybersecurity risks in the cryptocurrency sector, especially where insider threats and social engineering tactics are involved. Regulatory scrutiny is expected to intensify as investigations continue.

Copied