According to documents Coinbase submitted to the Maine Attorney General’s Office, the exchange’s recent customer data leak affected the personal information of 69,461 users, with remediation and compensation costs estimated between $180 million and $400 million.
Coinbase Confirms Data Leak Incident
Last week, the largest cryptocurrency exchange in the United States, Coinbase, announced a serious data leak incident. The announcement indicated that external parties infiltrated Coinbase’s internal systems through social engineering and bribery, resulting in approximately 1% of user data being compromised. The hackers demanded a ransom of up to $20 million, threatening to publish the leaked data on the dark web if the ransom was not paid.
This week, Coinbase submitted more detailed documentation to the Maine Attorney General’s Office, revealing that the data leak originated from an incident on December 26, 2024, affecting the personal information of 69,461 users.
Review of the Coinbase Data Leak Incident
The leak began on December 26, 2024, and continued for several months until May 11, 2025, when Coinbase received a ransom email from an unknown threat actor. The email claimed to have stolen a significant amount of customer data and internal documents, demanding a payment of $20 million to prevent disclosure. Notably, Coinbase’s internal security monitoring system had detected unusual activity months prior but only confirmed the incident after the ransom email was received.
Unlike traditional external hacking attacks, this incident was triggered by the misconduct of insiders. Criminals used social engineering and cash bribes to entice customer service agents or contractors at Coinbase’s overseas customer support center to illegally extract data from internal systems. These employees had access to customer information but were not authorized to handle funds, which made them the weak point the attackers exploited.
The leaked data primarily involved “Know Your Customer” (KYC) information, including:
- Names, addresses, emails, phone numbers.
- Government-issued identification (such as driver’s licenses, passports, or national ID numbers).
- Some bank account information (such as masked account numbers and partial bank identifiers).
- Account information, including transaction history, balances, transfer records, and account opening dates.
According to Coinbase’s statement, passwords, seed phrases, private keys, and user funds were not affected, and Prime accounts were also unaffected.
Coinbase’s Response Measures
Coinbase’s response so far includes:
- Refusing to pay the $20 million ransom and establishing a $20 million reward for information leading to the arrest of the criminals.
- Firing involved employees and strengthening internal security monitoring.
- Offering one year of free credit monitoring and identity theft protection services to the affected 69,461 users, including dark web monitoring and up to $1 million in insurance compensation.
Coinbase estimates the remediation and compensation costs for this incident to be between $180 million and $400 million.
Coinbase Stock Rebounds
Although Coinbase’s stock initially dropped significantly following the news, according to Google data the stock has since rebounded, gaining 1.18% over the past five days and closing at $258.99 on the 21st.