On May 15, 2025, Coinbase, the largest U.S.-based cryptocurrency exchange, confirmed a major data breach involving the theft of sensitive customer information. According to AP News, cybercriminals accessed the data by bribing external customer support agents and are now demanding $20 million in Bitcoin to prevent public release.
The stolen data includes:
-
Names, addresses, and contact details
-
Partial Social Security numbers
-
Masked bank account numbers
-
Government-issued ID images
-
Account transaction histories
Fortunately, no passwords, private keys, or funds were compromised. (The Register)
Coinbase CEO Brian Armstrong publicly stated that the company will not pay the ransom, and instead is offering a $20 million reward for information leading to the arrest of the perpetrators (The Register).
The incident could cost Coinbase between $180 million and $400 million, covering security upgrades, legal fees, and customer reimbursements. (Reuters)
To prevent future attacks, Coinbase has fired the compromised support contractors and is building a new U.S.-based support center. (The Register)
The attack occurred just days before Coinbase’s inclusion in the S&P 500 index on May 19, a historic moment for both the company and the crypto industry. (Financial Times)
