Coinbase, a major cryptocurrency exchange, disclosed a data breach that compromised sensitive information of more than 69,000 users. The breach, which took place in December 2024, was caused by insider misconduct involving overseas outsourced customer support agents who accepted bribes to provide unauthorized data access. Although attackers accessed personal details such as names, addresses, phone numbers, emails, and government ID images, private keys and account login credentials remained secure.
Discovered only in May 2025, Coinbase immediately took internal security measures to contain the breach. The exchange reported the incident to Maine regulators and notified impacted users, offering a one-year protection package including credit monitoring, dark web tracking, identity restoration support, and a $1 million insurance reimbursement policy.
The attackers demanded a $20 million ransom, which Coinbase refused to pay, opting instead to cooperate with law enforcement, including the U.S. Department of Justice, and announced a $20 million bounty for information leading to the perpetrators' capture. Coinbase also confirmed its commitment to reimburse users for any verified losses related to the breach.
Following the disclosure, Coinbase has faced heightened scrutiny and several class-action lawsuits alleging inadequate security measures. These lawsuits seek financial compensation and stronger data protection protocols. The breach may cost Coinbase between $180 million and $400 million, factoring in remediation and legal expenses.
Coinbase CEO Brian Armstrong addressed the incident publicly, and the company has since strengthened internal protocols to mitigate future insider threats. The event highlights ongoing regulatory and security challenges within major crypto exchanges.