#SecurityAlert
Massive Data Breach Hits Coinbase: 70,000 Users Affected
Breach Overview
Coinbase has disclosed a significant security breach that compromised the personal data of 69,461 customers. The attack, traced back to December 26, 2024, remained undetected until May 2025. Cybercriminals recruited customer service agents to access sensitive data, including names, addresses, phone numbers, ID documents, transaction histories, and partially masked bank information.
Ransom Refused
The attackers demanded a $20 million ransom, which Coinbase refused. Documents filed with the Maine Attorney General describe the breach as an “internal wrongful act.” Coinbase now anticipates up to $400 million in reimbursement and repair costs, pledging to cover losses from social engineering attacks related to the breach.
Investor Reaction
Following the announcement, Coinbase's stock dropped by 7%, reflecting shaken investor confidence in crypto exchange security.
Broader Implications
The breach has reignited concerns over Know Your Customer (KYC) data management and protection of sensitive user information. Experts warn that data leaks increase risks of extortion and theft.
Security Recommendations
Users are strongly advised to enable two-factor authentication and withdrawal whitelists to safeguard their assets.
This incident underscores the urgent need for stronger cybersecurity measures as the crypto sector gains wider institutional and mainstream adoption.