Coinbase has officially confirmed that at least 69,461 customers had their sensitive personal and financial data compromised during a prolonged security breach. The incident, which persisted for several months, was formally disclosed by the cryptocurrency exchange following a ransom attempt.
Details of the Security Failure
The extent of the unauthorized access was revealed in a filing with Maine’s attorney general this Wednesday. Under state data breach notification laws, the company was required to disclose the specific number of affected individuals.
According to company records, the security lapse began on December 26, 2024, and remained active until early May 2025. The breach was finally identified after the exchange received a “credible” ransom demand from an attacker claiming possession of the stolen database.
Ransom Demand and Internal Manipulation
In an official statement, Coinbase revealed that the perpetrator demanded a $20 million payment in exchange for the deletion of the stolen files. The company explicitly refused the extortion attempt.
The investigation uncovered a sophisticated attack vector: the hacker successfully bribed Coinbase customer support employees. This internal manipulation granted the unauthorized party access to internal systems over several months, bypassing standard security protocols.
Data Exposed and Security Risks
The information exfiltrated during the breach is extensive, raising significant concerns regarding the safety of high-net-worth users. The compromised data includes:
- Full customer names
- Email and postal addresses
- Phone numbers
- Government-issued identity documents
- Account balances and detailed transaction histories
Security experts warn that the exposure of such granular financial data leaves affected users at a high risk for targeted phishing attacks, identity theft, and potential physical security threats.