Coinbase, the largest cryptocurrency exchange in the United States, has confirmed a major data breach from December 2024 that exposed sensitive personal information of 69,461 users. Hackers demanded a $20 million ransom to prevent the leaked data from being published on the dark web.
The scale of the attack was disclosed in a filing with the Maine Attorney General. Although Coinbase stated that less than 1% of its global user base was impacted, the breach has triggered multiple federal investigations and potential lawsuits regarding the company’s handling of the incident.
💼 Hackers Bribed Foreign Support Agents to Gain Access
According to Coinbase and sources familiar with the matter, the breach was made possible through social engineering, not through technical vulnerabilities. Attackers targeted customer support agents working overseas — specifically in India — and bribed them with cash in exchange for access to internal systems.
This gave hackers access to personal information, including names, addresses, dates of birth, nationalities, government-issued IDs, banking details, account balances, and KYC-related data. While passwords, private keys, and crypto funds were not compromised, cybersecurity experts warn that such information can still be used for identity theft, impersonation, and fraud.
🕵️♂️ Ransom Demands and Delayed Disclosure
Coinbase revealed it received an anonymous ransom email on May 11, several months after the breach took place on December 26. The attackers threatened to leak the stolen information online unless the company paid a $20 million ransom — a demand that Coinbase ultimately refused.
The company stated that it had already identified and dismissed the employees involved in the incident and is fully cooperating with U.S. authorities, including the Department of Justice, which has launched a criminal investigation.
📢 Public Backlash Over Coinbase’s Silence
The company’s delayed disclosure has sparked widespread criticism. Tech investor and TechCrunch founder Michael Arrington condemned Coinbase’s timing, arguing that real people could already be suffering consequences from the breach.
“This has likely already caused harm,” Arrington wrote on X. “The damage can’t just be measured in dollars — it’s measured in human suffering.”
He also criticized existing KYC (Know Your Customer) rules, claiming they provide a false sense of security while exposing users to unnecessary risk. Arrington called for stronger data protection laws and corporate accountability.
“Governments and corporations need to act. The cost of inaction is human suffering,” he added.
💸 Potential Losses Could Top $400 Million
Coinbase estimates the fallout from the breach could cost between $180 million and $400 million, including customer reimbursements, legal expenses, and increased security measures.
Mike Dudas, managing partner at Web3 venture firm 6MV, believes he may be among those affected. He called the breach “a staggering leak of personal data,” warning that the consequences may extend beyond identity theft and include intimidation or blackmail of high-profile figures in the crypto industry.
💬 As crypto companies scale globally, are they doing enough to protect sensitive user data from insider threats?
#CyberSecurity , #CryptoNewss , #Cryptoscam , #CryptoFraud , #coinbase
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“