Coinbase admits data breach affected 69,000 customers - here's what you need to know


  • Coinbase filed a new form with the Maine Attorney General
  • It confirmed when the attack happened and how many people were affected
  • The company confirmed it is offering a bounty

We now know exactly how many people are affected by the recent Coinbase data breach - 69,461. The company confirmed the news in a new filing with the Office of the Maine Attorney General. In the filing, the company said that the attack took place in late December 2024, and that it was spotted months later, in mid-May 2025.

It also shared a data breach notification letter it is sending out to affected people, in which it detailed what happened.

Apparently, threat actors bribed “a small number of individuals performing services for Coinbase” to have them exfiltrate sensitive customer data.


Extortions and bounties

These individuals, who were allegedly fired afterwards, stole identity information (names, dates of birth, last four digits of social security numbers), masked bank account numbers and “some bank account identifiers”, addresses, phone numbers, email addresses, images of IDs, driver’s licenses, and passports, and various account information (transaction history, balance, transfers, and more).

The attackers then tried to extort Coinbase for $20 million in exchange for deleting the data. Coinbase not only refused the demand, but also answered it in kind, offering the exact same sum - $20 million - to whoever comes forward with actionable information about the identities or whereabouts of the attackers.

Earlier reports from Reuters claimed the attack might cost Coinbase between $180 million and $400 million, citing a regulatory filing the company submitted recently.

Besides offering a $20 million bounty, Coinbase also promised to “make customers whole” - by reimbursing anyone who can prove that they lost money after a social engineering attack made possible by the data stolen from the crypto exchange.

Coinbase also said it was working with law enforcement, and urged users to stay vigilant, create strong passwords, set up multi-factor authentication (MFA), and never share their login credentials with anyone.

Via TechCrunch


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
