After months of undetected data theft, cryptocurrency exchange Coinbase revealed that nearly 70,000 users had their personal information compromised in a major security breach coordinated through bribed overseas customer service agents.
The breach, which occurred in December 2024, remained undiscovered until May 2025 when hackers demanded a $20 million ransom from the company, which Coinbase refused to pay.
The scope of exposed data proved extensive, encompassing users’ names, addresses, phone numbers, email addresses, partial social security numbers, and government ID images. During this period, Bitcoin reached an all-time high of approximately $111,838.
Furthermore, sensitive financial information including account balances and bank account identifiers was compromised, leading to estimated remediation costs between $180 million and $400 million.
The massive data breach exposed critical financial details, forcing Coinbase to allocate up to $400 million for remediation efforts.
Coinbase initiated its response on May 15, 2025, notifying affected users via email and offering thorough protection measures including one year of free credit monitoring, identity protection services, and dark web monitoring.
The company likewise established a $1 million insurance reimbursement policy for impacted users, demonstrating its commitment to customer protection.
The incident has sparked multiple legal challenges, with several lawsuits filed against Coinbase alleging inadequate security measures.
The company has engaged with both the US Department of Justice and Securities and Exchange Commission, while concurrently filing necessary disclosures with the Maine Attorney General’s Office.
In response to the breach, Coinbase announced plans to relocate certain overseas customer support operations and improve its cyber defense capabilities.
The company has offered a $20 million bounty for information leading to the arrest of those responsible, highlighting the severity of the security breach and its commitment to preventing future incidents.
The breach emphasizes the growing challenges of insider threat detection within financial institutions, particularly when dealing with overseas operations.
Among those affected, over 200 users resided in the state of Maine, prompting additional state-level investigations.
As investigations continue, Coinbase faces the complex task of strengthening its security protocols while maintaining operational efficiency, accentuating the critical balance between accessibility and protection in the digital finance sector.
