Coinbase experienced a serious data breach over several months (from late December 2024 to May 2025) that compromised sensitive data of over 69,000 customers, the highly popular crypto exchange confirmed. The company revealed these numbers in a filing with the state of Maine. The breach (which the company made public last week) involved the theft of both personal and financial information and is now reportedly the subject of a federal investigation by the US Department of Justice.
In the filing, Coinbase disclosed that the breach was first traced back to December 26, 2024. For several months, hackers were able to steal sensitive data by bribing Coinbase customer support agents based overseas, allegedly in India. These compromised employees were reportedly paid to access internal systems and take information belonging to tens of thousands of customers.
According to the crypto exchange, the stolen data includes full names, email addresses, home addresses, phone numbers, and detailed financial records. This also extends to highly sensitive documents like photographs of passports and government-issued IDs, dates of birth, the last four digits of customers’ Social Security numbers, and banking information (including account balances and transaction histories).
Although Coinbase stressed that passwords and login credentials were not compromised. Still, the nature of the stolen data has raised concerns about the potential for follow-up targeting, especially against high-net-worth individuals (HNIs) within the crypto space.
Even in breach notification letters sent to victims, Coinbase warned that the stolen information could be used in scams where attackers pretend to be the company to trick customers into giving away their cryptocurrency. The company said the hacker had already made a list of customers and started pretending to be Coinbase to try to steal more money from them.
The breach only came fully to light when Coinbase got a serious ransom note from the hacker earlier this month. The attacker demanded $20 million in exchange for not releasing the data. But the company refused to pay, instead choosing to terminate the involved support workers, report the incident publicly, and notify affected customers. Meanwhile, in a blog post, the company announced that it has improved its security a lot since finding out about the breach. The firm is also offering a $20 million reward for information that leads to the identification of those responsible.
Additionally, in filings with the Securities and Exchange Commission (SEC), the company estimated the costs of dealing with the breach, which could range between $180 million and $400 million. These costs include customer reimbursements, investigative efforts, and new security measures.
The Coinbase breach is just one of several recent attacks raising serious concerns across the crypto industry. Earlier in February 2025, Bybit (another major cryptocurrency exchange) was hit by one of the largest hacks in crypto history, losing around $1.5 billion worth of Ethereum. The attackers quickly moved and sold the stolen funds. Also, in January 2025, Singapore-based exchange Phemex suffered a major breach, with hackers stealing over $85 million across several blockchains, including Ethereum and Solana.
