TLDR
- Coinbase confirmed a cyberattack that targeted the personal data of select users.
- The hackers gained access by bribing overseas customer support agents.
- The attackers stole users’ names, addresses, and partial identity details.
- Coinbase stated that no passwords, funds, or private keys were accessed.
- The hackers made a ransom demand, but Coinbase refused to pay.
Coinbase has confirmed a targeted cyberattack that exposed user data and triggered a major investigation. The attackers accessed personal information and demanded a ransom, but Coinbase refused to pay. The company now pledges full reimbursement for affected users while enforcing stricter internal security measures.
Targeted Cyberattack Breaches Coinbase User Data
Hackers infiltrated Coinbase systems by bribing overseas support agents and accessing limited customer data. They retrieved users’ names, addresses, contact details, and partial identity information but failed to access sensitive login credentials or funds. Coinbase reported that this breach impacted less than 1% of its users.
The attackers attempted to ransom the stolen data by directly emailing exchange users, but the company refused all ransom demands. The platform clarified that no Prime accounts were affected, and no private keys or funds were accessed. The exchange stated that hot and cold wallets remained fully secure throughout the incident.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
Coinbase flagged compromised accounts to mitigate further risk and introduced enhanced withdrawal verification protocols. These include additional ID checks and scam-awareness prompts on all large transactions. The company also immediately restricted accounts showing suspicious activity linked to the breach.
Coinbase Launches Countermeasures and Reimbursement Plans
Coinbase established a $20 million reward fund to identify and capture the perpetrators in response to the breach. This bounty aims to encourage information sharing that could lead to arrests and the recovery of stolen data. Investigators are now working with international authorities to trace the cybercriminals’ activities.
The exchange opened a new U.S.-based support hub to centralize and tighten customer service operations. The hub applies improved security protocols and limits access to sensitive user information. All customer support teams now operate under stricter monitoring to prevent further infiltration.
Users affected by social engineering attacks linked to the breach can now file claims for reimbursement. Coinbase pledged to compensate customers who were deceived into sending funds under pretenses. The company continues to update users as its investigation progresses.
Global Context and Ongoing Threats to Crypto Security
The exchange breach comes shortly after Telegram cracked down on the darknet marketplace Haowang Guarantee, highlighting a broader cybersecurity threat. As hacking techniques evolve, exchanges like Coinbase face increasing pressure to upgrade defenses and protect customer data. The crypto sector remains a key target for organized cybercrime.
Coinbase emphasized that despite the breach, no user funds were stolen and no private account access was compromised. The company maintained full control over financial assets and prevented attackers from accessing wallets. All account activity logs are being reviewed for further anomalies.
In 2024, WazirX, another major exchange, suffered a larger breach involving a $230 million theft, forcing operations to halt. That incident remains unresolved, drawing comparisons with the exchange breach. However, the exchange retained operational continuity and has committed to full transparency and customer protection.
Also Read: Coinbase Makes History as First Crypto Company to Join S&P 500
