Excerpt from Mashable Article, Published on May 15, 2025.
Coinbase, the largest cryptocurrency exchange in the United States, has confirmed a significant data breach, igniting concerns across the cryptocurrency community. The breach, which targeted both internal systems and customer information, was disclosed after Coinbase received a ransom email from the attackers on May 11. The hackers demanded $20 million in exchange for not leaking sensitive data. In a bold move, Coinbase has refused to pay the ransom, instead announcing a $20 million reward fund for any information that leads to the arrest and conviction of those responsible.
The data breach was first publicly acknowledged in a filing with the U.S. Securities and Exchange Commission. According to Coinbase, the breach was orchestrated through unauthorized access by overseas contractors and support agents. These individuals, while having legitimate access to the systems, were found accessing data without a business need. Coinbase swiftly terminated the involved contractors and notified affected customers. Although Coinbase confirmed that user credentials, wallets, and crypto funds were not compromised, the stolen data includes names, email addresses, phone numbers, physical addresses, masked bank account numbers, partial social security numbers, and photos of government-issued IDs. Additionally, hackers accessed users’ transaction histories and balance information. Limited internal company data such as training documents and support agent communications were also exposed.
Coinbase estimates that around 100,000 users were affected, representing less than 1 percent of its monthly active users. CEO Brian Armstrong addressed the breach in a video statement, pledging stronger security measures and restructuring customer support operations to prevent future incidents. He also promised to reimburse users who lose funds due to social engineering attacks linked to the breach. This incident marks a serious cybersecurity challenge for Coinbase and the cryptocurrency sector at large, emphasizing the critical need for robust data protection in an industry built on digital trust.
To delve deeper into this topic, please read the full article Mashable.
