
Coinbase has confirmed that 69,461 users were affected in a data breach stemming from insider misconduct, with impacted individuals now receiving formal notification and one year of free identity protection services.
The breach, traced back to December 26, 2024, but only discovered in May 2025, involved contractors at overseas support centers who improperly accessed and shared sensitive customer information with unauthorized third parties.
According to a filing with the Maine Attorney General’s office and individual notification letters sent to victims, the breach exposed a broad range of personally identifiable information (PII), including:
- Full names, physical addresses, phone numbers, and email addresses
- Masked Social Security numbers (last four digits only)
- Masked bank account numbers and related identifiers
- Government-issued ID images (e.g., driver’s license, passport, or national ID)
- Account-specific details such as transaction history, account balances, and dates of account creation
Crucially, the data set did not include login credentials, private keys, or seed phrases — information that would directly compromise user funds. Coinbase emphasized that no customer wallets were at risk and that its Prime platform remained unaffected.
Founded in 2012, Coinbase is a prominent U.S.-based cryptocurrency exchange and one of the few publicly listed companies in the crypto sector. It plays a major role in enabling crypto trading for retail and institutional users alike, which amplifies the severity of any customer data breach.
Coinbase is offering all impacted individuals a one-year subscription to credit monitoring and identity theft protection through IDX. The package includes daily credit monitoring, identity restoration services in the event of fraud, a $1,000,000 insurance reimbursement policy, and dark web monitoring to detect leaked personal data.
To further protect users, Coinbase has implemented additional security measures on affected accounts. These include enhanced identity verification checks on large withdrawals and mandatory scam-awareness prompts to help prevent social engineering attacks.
The breach notification, signed by Coinbase’s outside counsel at Latham & Watkins LLP, marks the second such incident disclosed in under a year, raising ongoing concerns about insider risk management in crypto firms. Coinbase has committed to bolstering its internal oversight by establishing a new U.S.-based support center and deploying more advanced insider-threat detection systems.
Users are urged to remain vigilant, enable strong two-factor authentication (preferably hardware-based), and use withdrawal allow-listing to limit the risk of unauthorized fund transfers. Anyone contacted by individuals claiming to represent Coinbase, particularly if asked to share login information or move funds, should treat such outreach as fraudulent and report it immediately.
Customers impacted by the breach have until the deadline listed in their notification letter to enroll in the free protection services. Coinbase has also provided dedicated support channels for assistance and encouraged users to review updated security practices on its website.