A devastating security breach at Coinbase exposed nearly 70,000 customers to identity theft risks when corrupt overseas support agents sold sensitive user data to cybercriminals. The breach, lasting from December 2024 to May 2025, compromised names, addresses, and government IDs – though crypto assets remained secure. Coinbase’s response included free credit monitoring and a hefty $20 million bounty for the perpetrators. The incident’s full impact on the crypto industry continues to unfold.
A massive data breach at cryptocurrency exchange Coinbase has left nearly 70,000 customers exposed to potential identity theft and fraud. The incident, discovered in May 2025, revealed that overseas contractors and customer support agents had been secretly selling sensitive user data since December 2024. Talk about an inside job gone wrong.
The breach affected less than 1% of Coinbase’s monthly users, but the damage was extensive. Thieves made off with everything from names and addresses to partial Social Security numbers and government IDs. Even masked bank account numbers and transaction records weren’t spared. At least they couldn’t grab private keys or login credentials – small comfort for those affected. The hackers gained access to sensitive passport numbers and national identity cards. After discovering the breach, Coinbase waited just four days to report it to authorities.
Despite affecting only a fraction of users, the Coinbase breach exposed critical personal data – leaving thousands vulnerable to identity theft.
The attack’s execution was surprisingly simple. Corrupt overseas support agents, enticed by bribes, abused their legitimate access to download and transfer sensitive data. Coinbase quickly fired the bad actors, but the damage was done. So much for thorough contractor screening. The incident highlighted the ongoing issues with DeFi platform security that plague the cryptocurrency industry.
Coinbase’s response was swift but expensive. They alerted affected users and regulatory authorities while offering a generous compensation package: one year of free credit monitoring, identity theft protection, and dark web monitoring through IDX. They even threw in a $1 million insurance policy for good measure. Instead of paying ransom demands, Coinbase put up a $20 million bounty for information about the perpetrators. That’s quite a price tag for revenge.
The fallout has been severe. Multiple lawsuits are targeting Coinbase for allegedly failing to protect user data adequately. Regulators are circling like hawks, scrutinizing the exchange’s security practices and compliance measures. The incident has become a wake-up call for the entire crypto industry.
For affected users, the nightmare is just beginning. Their exposed personal information makes them prime targets for identity theft, social engineering attacks, and sophisticated scams. While their crypto assets remain secure, their personal data is out there – somewhere in the digital wilderness, waiting to be exploited. Sometimes the biggest threats come from inside the house.
