Coinbase data extortion attempt

Leading cryptocurrency exchange Coinbase revealed a significant data breach after hackers bribed multiple contractors at its India-based support operations, potentially exposing sensitive information of approximately 1% of its customer base. The breach was identified through an anonymous email received on May 11, 2025, and the hackers demanded a $20 million ransom to prevent the public release of the stolen data.

Coinbase faces major security crisis as India contractors accept bribes, exposing customer data in sophisticated breach targeting support operations.

The compromised information included customer names, postal addresses, email addresses, phone numbers, and government ID images, though the company maintained that passwords and cryptocurrency private keys remained secure.

Coinbase detected unusual activity from customer representatives as early as January 2025, with the breach primarily targeting business process outsourcing and support operations in India. The company has announced a $20 million bounty for information leading to the identification and arrest of the perpetrators.

According to Coinbase Chief Security Officer Philip Martin, the company immediately terminated the involved employees and contractors upon identification, referring them to law enforcement authorities. The company is implementing plans to open a new support hub in the United States to prevent future outsourcing vulnerabilities.

The exchange refused to comply with the ransom demand and estimated that remediation costs could reach $400 million. The incident’s revelation in a Form 8-K SEC filing on May 14 triggered a 7% decline in Coinbase’s share price.

Evidence of the breach’s impact emerged through cases like that of David Jeong, a New York-based crypto founder who received suspicious verification texts in April and May 2025 despite not having used Coinbase’s one-time password system for two years.

Bloomberg News confirmed that at least one high-net-worth individual’s data was compromised in what appears to be a scheme designed to facilitate social engineering attacks against customers.

As of May 16, 2025, the investigation remains ongoing, with Coinbase disputing hackers’ claims of maintaining persistent “on-demand access” to customer information over five months.

The company’s security systems had previously flagged unauthorized access attempts by some of the involved individuals, leading to a swift quarantine of compromised agents upon final identification. Coinbase maintains that customer funds were never at risk during the incident and continues to cooperate fully with law enforcement investigations.
