Coinbase, the largest cryptocurrency exchange in the United States, disclosed a serious data breach in May 2025, affecting less than 1% of its users. Hackers bribed overseas support agents to steal personal data, prompting Coinbase to provide a $20 million bounty to obtain information that led to the culprit. The company could cost the company up to $400 million, raising concerns about the security of centralized transactions.
$400 million Coinbase violations are less than 97,000 users
On May 15, 2025, Coinbase revealed a major cybersecurity incident involving theft of personal data from a small number of customers, estimated to be less than 1% of its monthly transaction users (MTUS), with approximately 97,000 customers reporting 9.7 million MTUS in their annual report for March 2025, according to the company’s 9.7 million MTUS.
Cyber criminals bribed and recruited rogue overseas support agents to obtain <1% Coinbase MTU's personal data. No password, private key or funds were exposed. The main account is not touched. We will repay the impact that affects our customers. More information: https://t.co/sidvn59jcv
– coinbase🛡️ (@coinbase) May 15, 2025
Hackers planned violations by bribing and recruiting rogue overseas support agents and contractors, who leaked sensitive information, including names, phone numbers, addresses, government IDs, some social security numbers and account details. no Password, private key or funds are damagedCoinbase’s main account remains unaffected. The company estimates that the financial impact may range from $180 million to $400 million, covering customer reimbursement and recovery efforts.
Read more: Coinbase is trapped in a $15 million carpet scandal – is it basically still safe?
The attacker demanded a $20 million ransom to withhold data stolen in public releases, something Coinbase refused to pay. Instead, the exchange fired participants, announced plans to file lawsuits against criminal charges, and established a $20 million reward fund for information that led to the arrest and conviction of the offender.
Coinbase’s security track record under review
This vulnerability adds to Coinbase’s history of security challenges.
Read more: Is Coinbase safe?
The exchange faces previous events, including 2021 hacking attacks affecting more than 6,000 users, which exploited flaws in SMS-based two-factor authentication (2FA) through phishing scams, and the 2023 attempt by the Octopus Hacker Group did not harm user funds.
Despite strong security measures such as storing 98% of assets in offline cold storage, AES-256 encryption and insurance for hot wallets – Coinbase is still struggling to deal with technical issues such as server crashes and account recovery vulnerabilities during high traffic. These incidents fuel user suspicion, and some reporting difficulties have received timely support.
The 2025 violations are attributed to insider threats rather than direct system hacking, highlighting the risk of human error in centralized communication. TechCrunch reported Hackers target support staffleverage their access to sensitive systems. This strategy echoes the 2023 phishing attacks associated with the 0Ktapus group that briefly damaged Coinbase’s system.
According to blockchain investigator Zackxbt, in early May 2025, Coinbase users were stolen more than $45 million through social engineering scams. These incidents show that organized criminal groups are increasingly targeting crypto platforms and their users.
Zachxbt: Yesterday, he cheated a Coinbase user for $34.9 million (400.099 BTC). Other suspected thefts by Coinbase users have also brought the total thefts this month to more than $46 million in the past two weeks. Every time the stolen funds are bridged through… from Bitcoin to Ethereum…
– WU Blockchain (@WublockChain) March 28, 2025
