- On December 26, 2024, 69K plus consumers’ data was exposed due to a Coinbase breach.
- Hackers bribed overseas support staff to steal customer information.
- No passwords or funds were compromised; Coinbase Prime was unaffected.
The data breach at Coinbase was experienced by sixty-nine thousand four hundred sixty-one individuals, according to the company. The Maine Attorney General said that the data breach happened on December 26, 2024, but wasn’t discovered until May 11, 2025. With money given to customer service workers outside the country, cybercriminals acquired users’ personal information.
The hackers accessed people’s names, email addresses, home addresses, phone numbers, government IDs, amount of money in their accounts and transaction information. No one’s passwords, private keys or funds were breached. Coinbase Prime account users were not affected. The company decided not to pay the ransom of $20 million that the attackers requested.
What Events Led to the Breach
The hackers went after Coinbase’s overseas support team with an offer of cash in return for customer information. Only a very small percentage of Coinbase customers who transact every month were impacted by the insiders copying information from customer support tools. With the stolen data, attackers impersonated Coinbase to convince users to send cryptocurrency.
The internal security team at the company spotted the breach. Individuals working for the company as support agents, all from India, were immediately fired. Coinbase is taking criminal action against the hackers in cooperation with international law enforcement. The company sent the crypto addresses used by attackers to help authorities track and restore assets.
On May 11, 2025, Coinbase got an extortion email asking for $20 million to keep the data from being released. Instead of giving in, the exchange set up a $20 million reward for anyone who helped find and arrest those responsible for the incident
Coinbase’s Steps to Help Users
On May 15, 2025, at 7:20 a.m. ET, Coinbase emailed the affected users. People who lost their funds because of social-engineering attacks connected to the breach will be reimbursed by the company. Users affected by the incident benefit from one year of free identity protection and credit monitoring through IDX.
To avoid more incidents in the future, Coinbase added better insider-threat detection and automatic response systems. As a result, larger withdrawals on flagged accounts are now checked by ID and customers are reminded to watch for fraud. There may be delays for transactions considered high-risk because they receive extra scrutiny.
Estimates show that the financial cost of the breach could reach $180 million to $400 million to cover repairing the system, compensating customers and various expenses. Even if making a claim can lower the total amount, being involved in litigation might end up costing you more in the future.
Brian Armstrong, head of Coinbase, posted on social media to discuss the breach and apologize to those affected. Armstrong said, “We are working to solve the problem for our customers and make sure those who are responsible are punished.” Working together, law enforcement and the company are focusing on making sure the offenders are given serious punishments.
Coinbase pointed out that openness is key since crypto uses are built on trust. They promised to inform users as the investigation continues. Customers are advised to enable two-factor verification and restrict transfers to already approved addresses exclusively by using withdrawal allow-listing.
The post Coinbase Insider Attack Exposes Data of 69K Users appeared first on Live Bitcoin News.