Coinbase Global Inc., the largest cryptocurrency exchange in the United States, has revealed that a data breach in December 2024 compromised sensitive personal information of 69,461 users.
The company disclosed the scope of the attack in a filing with the Maine Attorney General’s Office on Tuesday, weeks after confirming that cybercriminals demanded a $20 million ransom to prevent the stolen data from being released on the dark web.
The hack reportedly affected less than 1% of the company’s global user base, but it has triggered multiple federal investigations and lawsuits over how the company handled the attack.
Bribery and social engineering led to the breach
According to the company and individuals familiar with the matter, attackers employed social engineering techniques to infiltrate Coinbase’s internal systems. The perpetrators targeted people working for the crypto exchange, specifically customer service agents working outside the United States, instead of exploiting technical vulnerabilities.
Coinbase alleged that the representatives, based in India, were bribed with cash in exchange for access to internal tools and client information. The compromised data includes names, addresses, nationalities, government-issued ID numbers, birth dates, and banking information.
The attackers also accessed account creation dates, user balances, and other know-your-customer (KYC) details. Coinbase did confirm that passwords, private keys, and user funds were not affected, but cybersecurity sleuths and users are worried that the attackers might use the information for identity theft and impersonation.
Rebuked ransom demand and regulatory response
Coinbase reported that it first received a ransom demand via anonymous email on May 11, several months after the data was initially exfiltrated, on December 26. The criminals threatened to publish the stolen information on the dark web unless the company paid $20 million.
In its public filing, Coinbase disclosed that the attackers had already begun collecting user data by exploiting foreign-based support agents in the months leading up to the ransom note. All personnel implicated in the breach have since been terminated.
Washington, DC, authorities are looking into the hack as part of a criminal probe that the US Department of Justice initiated. Coinbase has maintained its stance of full cooperation with all relevant domestic and foreign law enforcement authorities.
Criticism over delayed disclosure
On Tuesday, American investor and founder of TechCrunch Michael Arrington denounced the company’s delay in informing the public. On social media platform X, Arrington told his followers that the human cost that could follow such a leak of personal data is “denominated in misery.”
“It probably has already caused harm,” Arrington explained. “The human cost is much larger than the $400 million or so they think it will actually cost the company to reimburse people.”
Arrington used the incident to criticize the existing KYC regulations, calling them both ineffective and dangerous. He argued that these laws, when coupled with corporate cost-cutting and lenient penalties for data breaches, create conditions ripe for abuse.
“Both governments and corporations need to step up to stop this. The cost can only be measured in human suffering,” he concluded.
I am a long time investor in and champion of @coinbase. Something that has to be said though – this hack – which includes home addresses and account balances – will lead to people dying. It probably has already. The human cost, denominated in misery, is much larger than the $400m… pic.twitter.com/ruSYKAGH7x
— Michael Arrington 🏴☠️ (@arrington) May 19, 2025
Coinbase estimates that the total financial exposure from the breach could range between $180 million and $400 million, covering customer reimbursements and remediation measures.
Mike Dudas, managing partner at web3 venture firm 6MV, believes he could be among the individuals targeted by the hackers. “It’s a major breach, the amount of personal information shared is staggering,” Dudas told reporters. He reiterated that the fallout could extend beyond identity theft, and the hackers may choose to intimidate crypto investors and executives.