Coinbase Bleeds User Data: 69K Accounts Exposed in 2024 Breach

Another day, another crypto exchange security failure—this time hitting 69,461 Coinbase users. The December 2024 heist leaked sensitive data while the platform assured everyone ’funds were safe’ (cold comfort when your KYC docs are floating on the dark web).

Security? More like ’hope nobody notices.’ Wall Street would’ve fined a traditional bank into oblivion for this—but in crypto-land, it’s just another Tuesday.

Bribery and social engineering led to the breach

According to the company and individuals familiar with the matter, attackers employed social engineering techniques to infiltrate Coinbase’s internal systems. The perpetrators targeted people working for the crypto exchange, specifically customer service agents working outside the United States, instead of exploiting technical vulnerabilities.

Coinbase alleged that the representatives, based in India, were bribed with cash in exchange for access to internal tools and client information. The compromised data includes names, addresses, nationalities, government-issued ID numbers, birth dates, and banking information. 

The attackers also accessed account creation dates, user balances, and other know-your-customer (KYC) details. Coinbase did confirm that passwords, private keys, and user funds were not affected, but cybersecurity sleuths and users are worried they might use the information in identity theft and impersonation.

Rebuked ransom demand and regulatory response

Coinbase reported that it first received a ransom demand via anonymous email on May 11, several months after the data was initially exfiltrated, on December 26. The criminals threatened the crypto exchange that they would publish the stolen information on the dark web unless the company paid $20 million.

In its public filing, Coinbase disclosed that the attackers had already begun collecting user data by exploiting foreign-based support agents in the months leading up to the ransom note. All personnel implicated in the breach have since been terminated.

Washington, DC, authorities are looking into the hack as part of a criminal probe that the US Department of Justice initiated. Coinbase has maintained its stance of full cooperation with all relevant domestic and foreign law enforcement authorities.

Criticism over delayed disclosure 

On Tuesday, American investor and founder of TechCrunch Michael Arrington denounced the company’s delay in informing the public. On social media platform X, Arrington told his followers that the human cost that could follow such a leak of personal data is “denominated in misery.”

“It probably has already caused harm,” Arrington explained. “The human cost is much larger than the $400 million or so they think it will actually cost the company to reimburse people.”

Arrington used the incident to criticize the existing KYC regulations, calling them both ineffective and dangerous. He argued that these laws, when coupled with corporate cost-cutting and lenient penalties for data breaches, create conditions ripe for abuse.

“Both governments and corporations need to step up to stop this. The cost can only be measured in human suffering,” he concluded.

I am a long time investor in and champion of @coinbase. Something that has to be said though – this hack – which includes home addresses and account balances – will lead to people dying. It probably has already. The human cost, denominated in misery, is much larger than the $400m… pic.twitter.com/ruSYKAGH7x

— Michael Arrington 🏴‍☠️ (@arrington) May 19, 2025

Coinbase estimates that the total financial exposure from the breach could range between $180 million and $400 million, covering customer reimbursements and remediation measures.

Mike Dudas, managing partner at web3 venture firm 6MV, believes he could be among the individuals targeted by the hackers. “It’s a major breach, the amount of personal information shared is staggering,” Dudas told reporters. He reiterated that the fallout could extend beyond identity theft, and the hackers may choose to intimidate crypto investors and executives.

KEY Difference Wire helps crypto brands break through and dominate headlines fast