Coinbase Discloses Data Breach Affecting Less Than 1% of Users

Coin WorldTuesday, Jun 3, 2025 2:27 am ET
1min read
BTC0.00%COIN0.00%

Coinbase, a prominent cryptocurrency exchange, was aware of a data breach involving customer information as early as January. The breach was linked to an outsourcing company, where an employee based in India was suspected of photographing her work computer screen and selling the information to hackers for bribes. This incident was part of a broader campaign targeting multiple service providers, including Coinbase. The company reported the activity to its client immediately and terminated the two employees involved.

The breach was publicly disclosed by Coinbase in an SEC filing on May 14, followed by a blog post on May 15. The company revealed that hackers had obtained customer names, addresses, masked bank details, and identity documents through compromised support staff. No funds or passwords were compromised. On May 11, Coinbase received a $20 million Bitcoin ransom demand, which the company refused to pay. Instead, Coinbase offered a $20 million bounty for information leading to the arrest of the attackers.

The breach affected less than 1% of Coinbase's users. In response, Coinbase has cut ties with the outsourcing company and other overseas agents involved in the incident. The company has also claimed to have strengthened its internal controls to prevent similar incidents in the future. The breach has sparked a shareholder lawsuit, with investor accusing Coinbase of violating securities laws by failing to disclose the breach promptly and alleging that the company concealed prior regulatory issues.

This is not the first time the outsourcing company has been accused of a data breach. In 2022, the company was sued over alleged failures to protect customer data stemming from a breach of crypto wallet maker’s servers two years prior. The lawsuit claimed that the company was aware of the data breach for over a week before notifying customers. Customers remain the victims of scams and phishing attacks following the hack and leak of hundreds of thousands of hardware wallet owners’ personal data.

Comments



Add a public comment...
No comments

No comments yet

Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.