Coinbase is under scrutiny after confirming a security breach that exposed personal information of some of its users. The crypto exchange said fewer than 1% of its monthly transacting users were affected.
Still, that small slice could mean thousands of people. According to reports, the attack could end up costing Coinbase as much as $400 million in reimbursements.
But money might not be the biggest issue here. What’s more troubling is the kind of information that was leaked—home addresses and account balances. Some experts say this kind of data falling into the wrong hands could put people in real danger.
Stolen Info Could Lead To Physical Violence
Michael Arrington, founder of TechCrunch and Arrington Capital, didn’t hold back his concerns. In a May 20 post on X, he said this breach could lead to people “dying.”
“It probably has already,” he added. His comment wasn’t just a hot take. There’s been a wave of violent attacks aimed at crypto holders. These are not random thefts—some involve kidnapping and even torture.
I am a long time investor in and champion of @coinbase. Something that has to be said though – this hack – which includes home addresses and account balances – will lead to people dying. It probably has already. The human cost, denominated in misery, is much larger than the $400m… pic.twitter.com/ruSYKAGH7x
— Michael Arrington (@arrington) May 19, 2025
On May 4 in Paris, the father of a French crypto entrepreneur was abducted. The attackers reportedly cut off one of his fingers and sent a video to his son, demanding 5 million euros in crypto.
French police eventually rescued the victim after two days and arrested five suspects. That happened just days before Coinbase confirmed its own breach. The connection may be coincidence, but the trend is real—crypto investors are becoming targets.
Hackers Paid Off Customer Service Workers
What makes the Coinbase breach even more shocking is how it happened. According to reports, cybercriminals bribed contractors working in customer service outside the US.
That gave them a way into internal systems without needing to hack anything directly. No passwords or private keys were stolen, and no crypto funds were taken, but criminals walked away with enough personal data to pull off serious scams.
These kinds of inside jobs are hard to predict and even harder to stop. They show how weak some parts of the crypto industry still are when it comes to handling user security—especially when outsourcing is involved.
Experts Call For Better Security Layers
Ronghui Gu, one of the guys behind the security firm CertiK, says crypto companies really need to step up their game. He’s talking about things like limiting who can access what, using two-factor logins, and not just trusting everything by default.
On top of that, he thinks companies should keep a close eye on their systems and make sure the staff—especially the ones dealing with private info—actually know how to spot trouble before it starts.
But even that might not be enough. Gu warned that more attackers are skipping over tech defenses and going after people instead. That’s how social engineering works—tricking or bribing people to gain access.
Featured image from Unsplash, chart from TradingView