When Coinbase CEO Brian Armstrong disclosed last week that a group of hackers bribed overseas Coinbase support contractors to access customer information — including home addresses, selfies, and bank details — customers were aghast.
Many thought that the attack, which may cost the company $400 million, was the extent of the trouble.
Now a legal filing shows that almost 70,000 users had their data compromised in December and the breach wasn’t discovered until May 11.
“Coinbase doesn’t seem to be terribly concerned with protecting their customers,” Molly White, a crypto researcher and critic, told DL News.
“In fact, Coinbase has made changes that seem to only make things worse.”
Big slip up
Big companies get hacked all the time. But Coinbase isn’t just another big company.
As the top crypto exchange in the US, Coinbase is an industry stalwart leading the campaign to win mainstream adoption of Bitcoin and its ilk. Its lobbyists are urging Washington lawmakers to pass new laws beneficial to digital assets.
For many new investors, Coinbase is the gateway — the app they download when they buy their first Bitcoin or Ether.
It’s the place where they link their bank accounts, upload their IDs, and assume their money and personal information are safe.
Warnings for months
But whistleblowers and cybersecurity experts have been calling out Coinbase’s security issues for some time.
In October 2024, pseudonymous blockchain sleuth ZachXBT exposed a scam against an elderly man who was targeted by Indian call scammers posing as Coinbase customer support.
ZachXBT said he had found over $5 million stolen by the same group, while later shining a light on at least three different scams that got away with upwards of $150 million.
It’s more than likely multiples of that number, he added.
“Every investigator under the sun has been feeding your teams evidence of these insane thefts and insiders for over six months,” cybersecurity expert Taylor Monahan, the lead security researcher at MetaMask, said on X.
Sophisticated attacks
What Monahan and others such as the Crypto Forensics Investigators have been flagging is a wave of highly sophisticated phishing attacks targeted against Coinbase customers.
This is when a scammer pretends to be someone trustworthy — such as a Coinbase customer support agent — to gain access to your account or trick you into sending them money.
The breach revived another potential attack vector in Coinbase’s security protocol — offshore customer service agents who might be paid wages low enough to incentivise them to sell access to customer information.
Coinbase said it will improve safety guards including detection of insider threats, while CEO Brian Armstrong released a video in which he vowed to reimburse customers who were “socially engineered” by rogue employees to hand over key information.
The company is also working with the US Department of Justice.
“We have notified and are working with the DOJ and other US and international law enforcement agencies and welcome law enforcement’s pursuit of criminal charges against these bad actors,” Paul Grewal, legal chief at Coinbase, said in a statement shared with DL News.
‘Very disappointed’
While hacks and exploits have become commonplace in many precincts of the crypto universe, this one is notable as it happened at one of the most visible companies in crypto.
“Very disappointed in Coinbase right now,” said Michael Arrington, the founder of Arrington Capital, a crypto VC firm, on X. “Using the cheapest option for customer service has its price. And Coinbase’s customers will bear that cost.”
If Coinbase knew about the leak for months, and had received warnings from cybersecurity experts, why didn’t the company act?
“That’s the million dollar question,” White told DL News. “I don’t know if they just don’t want to spend money on cybersecurity and customer support, or what.”
Inflection point
The episode strikes just as Coinbase has reached a pivotal stage in its development.
With a market capitalisation of $67 billion, the Delaware-based company’s shares have increased a modest 15% in the last 12 months even as Bitcoin has soared 59%.
In the first quarter, Coinbase took a hit as crypto swooned amid President Donald Trump’s tariff war — the company’s revenues slumped 10%, to $2 billion, compared with the same period last year.
And its net income fell 94%, to $66 million.
Yet the company is making moves to diversify its top line.
Earlier this month, Coinbase said it will acquire Deribit, a leading crypto options exchange, for $2.9 billion.
The deal, the biggest in Coinbase’s 13-year history, is designed to bolster the exchange’s business with institutional investors.
Just one day before it revealed the heist, Coinbase had been added to the benchmark S&P 500 Index, the first crypto company to join it.
Now that it’s joining the big leagues, some users are demanding the company make moves in haste.
“Coinbase needs to urgently make changes as more and more users are being scammed for tens of millions every month,” said ZachXBT.
Pedro Solimano is a markets correspondent based in Buenos Aires.