Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident

Coinbase confirms a data breach involving overseas contractors that exposed personal and financial information of 69,461 users, prompting fears of social engineering and financial fraud.

    Cryptocurrency exchange giant Coinbase has disclosed a significant data breach affecting 69,461 customers, revealing that customer and corporate data was improperly accessed by individuals performing services at overseas support centers. The incident has raised urgent concerns over insider threats and secondary social engineering attacks using sensitive personal identifiers.

    In a data breach notification filed with the Office of Maine’s Attorney General, Coinbase reported that the breach stemmed from contractors improperly accessing user information. While critical access credentials like passwords, seed phrases, and private keys were not included in the exposure, the compromised data includes a wide array of personally identifiable information (PII).

    The stolen data may include:

    • Full name and date of birth
    • Email address and physical address
    • Phone number
    • Masked bank account numbers and identifiers
    • Last four digits of Social Security Numbers
    • Images of government-issued ID (driver’s license, passport, or national ID)
    • Account-specific data (transaction history, balances, transfers, and account creation dates)

    According to Coinbase, the data was not sufficient for unauthorized account access, but attackers can leverage it for credible impersonation and social engineering attacks, potentially convincing users to transfer cryptocurrency under false pretenses.

    “Attackers seek out this information because they want to conduct social engineering attacks, using this information to appear credible to try and convince victims to move their funds,”
    — Coinbase

    The disclosure follows a filing with the U.S. Securities and Exchange Commission (SEC), where Coinbase acknowledged that up to 1% of its customer base may have been impacted by malicious activity facilitated by non-U.S.-based contractors.

    The incident took a darker turn on May 11, when attackers sent a ransom email demanding $20 million in exchange for withholding the leaked data from public release. Coinbase refused the extortion, instead offering a $20 million reward fund for information leading to the identification and prosecution of the perpetrators.

    While the exact number of customers who have fallen victim to follow-up scams remains undetermined, Coinbase estimated that remediation and reimbursements could cost between $180 million and $400 million.

    “Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident… following a review to confirm the facts.”
    — Official statement

    The company is working to contain the breach and has issued urgent security advice to affected users and the broader crypto community. Coinbase warned users to beware of phishing calls or messages from scammers impersonating employees, especially those requesting passwords, 2FA codes, or account information.

    For protection, Coinbase recommends:

    • Never share credentials or codes over the phone
    • Enable Two-Factor Authentication (2FA)
    • Activate withdrawal allow-listing to prevent unauthorized transfers
    • Monitor accounts for suspicious activity
    • Report any unusual contact to Coinbase immediately

    This Coinbase data breach underscores the risks associated with third-party access and insider threats in cryptocurrency platforms, particularly as threat actors seek new ways to monetize stolen data through manipulative scams and targeted fraud. As regulatory scrutiny increases and customer trust hangs in the balance, companies in the crypto space must adopt stricter controls over remote support roles and enforce zero-trust policies to safeguard sensitive financial ecosystems.
