
Cryptocurrency exchange Coinbase has faced a serious security incident involving the leak of customer data. According to the company, malicious actors gained access to internal customer support tools and exfiltrated personal information belonging to a subset of users.
It was revealed that the attackers orchestrated their operation by targeting unscrupulous overseas support staff. These individuals were offered bribes to extract data from internal client systems. Coinbase stated that only a small number of support employees based in India were involved, all of whom have since been dismissed. The data breach reportedly affected less than 1% of the platform’s monthly active users—fewer than 97,000 individuals out of a total user base nearing 9.7 million.
The aim of the attack was to compile a list of users, who were subsequently targeted with social engineering schemes designed to trick them into transferring cryptocurrency to fraudulent accounts. Impersonating Coinbase representatives, the perpetrators used deceptive tactics to gain victims’ trust. Although no accounts were technically breached, and passwords, private keys, and wallet balances remained secure, some users were nevertheless duped into voluntarily handing over their funds to cybercriminals.
The stolen data includes names, addresses, phone numbers, email addresses, masked Social Security numbers (last four digits only), partially redacted bank account details, images of identity documents such as driver’s licenses and passports, as well as account balances and transaction histories. Internal Coinbase documents, training materials, and agent-facing communications were also compromised.
On May 11, 2025, the attackers attempted to extort $20 million from Coinbase in exchange for withholding the data from public release. The company refused to comply and immediately notified regulatory authorities and the media. According to Fortune, no evidence was found of breaches affecting Coinbase Prime premium accounts.
Coinbase has pledged to reimburse all affected users who fell victim to the fraud. In response to the incident, the company has introduced enhanced security protocols—such as stricter withdrawal verification for suspicious accounts and new safeguards within the infrastructure to mitigate insider threats.
To encourage cooperation in the investigation, Coinbase has established a $20 million reward fund for information leading to the arrest and prosecution of those responsible. Additionally, customers are advised to enable withdrawal address whitelisting, activate two-factor authentication, and remain vigilant when interacting with unknown individuals, even if they claim to be representatives of the exchange.