Coinbase Data Breach Impacted Nearly 70,000 Customers

The recent breach at Coinbase has had significant implications, affecting approximately 70,000 customers. This alarming development was officially reported by the cryptocurrency exchange in a data breach notification submitted to the Office of the Maine Attorney General.

Following the acknowledgment of the breach on May 15, Coinbase disclosed that insiders at its overseas retail support locations had improperly accessed customer information. The breach reportedly occurred on December 26, 2024, impacting a total of 69,461 customer accounts. The exchange did not become aware of the incident until May 11, 2025, when the attackers attempted to extort a $20 million ransom in exchange for not disclosing the stolen information.

In response to the extortion attempt, Coinbase decided against paying the ransom and instead established a reward fund of $20 million for information that could lead to the identification and apprehension of the attackers responsible for this incident.

However, Taylor Monahan, a prominent security figure in the cryptocurrency community, has questioned the timeline presented by Coinbase. Monahan suggested that the breach likely occurred much earlier than indicated, claiming that threat actors maintained access through various insiders over an extended timeframe. She pointed to evidence of higher net worth customers being targeted months prior to the official breach notification, with significant financial losses reported due to sophisticated phishing attacks.

Reports have emerged indicating that attackers have exploited information from the breach to execute successful phishing schemes. One analysis highlighted that at least $46 million was reported stolen through Coinbase phishing and social engineering tactics by March 2025, with some victims enduring substantial losses, including significant amounts of cryptocurrency.

The heightened urgency around this breach comes at a time when the cryptocurrency sector is grappling with an increase in extortion attempts, evident from high-profile incidents, including a recent significant heist at another platform and threats against cryptocurrency executives and their families.

Furthermore, concerns have arisen due to findings that an open-source project associated with Coinbase became a target of a malicious attack, compromising data from multiple GitHub repositories.

Coinbase, like many others in the industry, faces an uphill battle against evolving cyber threats that pose significant risks to customers and the overall integrity of the cryptocurrency ecosystem. It remains imperative for stakeholders in this space to stay vigilant and foster a culture of security to mitigate risks associated with such breaches.