Coinbase breach affected nearly 70,000 members and involved $20 million ransom

A recent, high-profile breach of cryptocurrency platform Coinbase affected nearly 70,000 users.

Coinbase, one of the most-used and well-known crypto exchanges, revealed today that 69,461 people had been affected in the breach. That's according to an official filing with Maine's attorney general, which is required by law in the state. (For the curious Mainers out there, "approximately 217" people in the state were affected.)

The filing noted that the breach occurred on December 26, 2024 and was not discovered until May 11, 2025. It also listed "insider wrongdoing" as the official description of the breach.

The breach from Coinbase is a frightening one. The company wrote in a blog post that hackers recruited customer-support agents to gain access to user data. That data included customer names, addresses, phone numbers, contact info, government documents, account balances, and transaction histories. A major fear is that the hackers could access — or even threaten users in order to access — their crypto holdings.

In a blog post about the breach, the company wrote:

Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers.

We now know that "small subset" was nearly 70,000 people. Coinbase wrote in that same blog post that it received a ransom note extorting the company for $20 million, which it did not pay. Instead, the company said, it established a "$20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack."

Have a story to share about a scam or security breach that impacted you? Tell us about it. Email [email protected] with the subject line "Safety Net" or use this form. Someone from Mashable will get in touch.