In May 2025, Coinbase announced that a group of cybercriminals bribed support contractors outside the U.S. and gained access to confidential customer data on the platform. The cryptocurrency exchange claims that the attackers used the stolen information to impersonate Coinbase employees to deceive customers and extort $20 million. Instead of meeting the criminals' demands, the exchange offered a reward for assistance in capturing them for the same amount.

Coinbase noted that as a result of the attack, personal data of less than 1% of active users on the platform was compromised. Among the information that fell into the hands of the cybercriminals were names, addresses, contact details, partially obscured social security numbers and bank account numbers, as well as images of identification documents.