On December 26, 2024, Coinbase experienced a data breach affecting 69,461 individuals in the United States, including approximately 217 residents in Maine and 2 in Massachusetts. The breach was discovered on May 11, 2025. It was reported to the California Attorney General on May 20, 2025, and to the Maine Attorney General on May 21, 2025.
The incident involved a small number of individuals performing services for Coinbase at overseas retail support locations. These individuals improperly accessed customer information and, in some cases, shared it with a third party.
The breach did not include passwords, seed phrases, private keys, or any other information that would allow direct access to accounts or funds. However, the exposed data is extensive. It includes personally identifiable information (PII): name, date of birth, masked Social Security numbers (last four digits), masked bank account numbers, bank account identifiers, address, phone number, email address, and images of government identification (driver’s license, passport, or national identity card). It also includes account information such as transaction history, balance, transfers, and the date the account was opened.
After Coinbase terminated the individuals responsible and implemented stricter security controls, a third party attempted to extort the company for $20 million, claiming to have access to customer data. Coinbase Prime accounts were not affected during this incident.
The company fired the individuals involved and referred the matter to U.S. and international law enforcement agencies, pressing for criminal charges.
Additionally, Coinbase has introduced a range of new security measures, including:
For those affected, Coinbase is offering one year of free credit monitoring and identity protection services through IDX, which include credit monitoring, a $1,000,000 insurance reimbursement policy, identity restoration, and dark web monitoring. Affected customers are encouraged to enroll in these services and to remain vigilant for possible social engineering or phishing attempts. Coinbase has also provided detailed guidance on how to protect personal information, such as enabling strong two-factor authentication, using withdrawal allow listing, and reviewing security best practices at Coinbase’s security page.
If you receive suspicious calls, texts, or emails claiming to be from Coinbase, do not share account information or transfer assets. Instead, lock your account in-app and contact Coinbase support or email security@coinbase.com.