Crypto platform Coinbase has confirmed a serious data breach involving insider collusion that led to the theft of sensitive customer information, including government-issued IDs and partial Social Security numbers.
In a regulatory filing submitted this week, Coinbase revealed that a hacker approached the company with proof of stolen data and demanded a $20 million ransom in exchange for not releasing the information. CEO Brian Armstrong confirmed the extortion demand on social media but said the company will not pay.
The breach, according to Coinbase, occurred after multiple support contractors based outside the U.S. were paid by the hacker to extract internal data from company systems. These individuals had legitimate access to Coinbase’s backend as part of their job responsibilities. All implicated contractors have since been terminated, the company said.
What Was Stolen in the Coinbase Data Breach?
The attacker exfiltrated a range of personally identifiable information (PII), including:
- Full names, email and physical addresses
- Phone numbers
- Last four digits of Social Security numbers
- Masked bank account numbers and transaction histories
- Government-issued ID documents such as driver’s licenses and passports
- Account balances and other financial metadata
Additionally, the hacker reportedly gained access to some internal corporate documents, though Coinbase has not disclosed the extent of that breach.
While the company said the breach was detected months ago, it only disclosed the full scope after the attacker contacted them this week. Coinbase claims it has since notified affected customers, who account for less than 1% of its 9.7 million monthly users, according to the latest March 2025 report.
Security Overhaul Underway—But the Cost Could Be Massive
In response to the breach, Coinbase is opening a new U.S.-based customer support hub to reduce risk and increase oversight of sensitive operations. The company also pledged to enhance its internal cybersecurity defenses.
Despite the mitigation steps, the incident could prove costly. Coinbase estimates the breach will result in $180 million to $400 million in expenses for remediation and customer reimbursements.
The company has not said if stolen documents were used for fraud but has urged users to remain vigilant against phishing and identity theft. Coinbase has also involved law enforcement and continues to investigate how deeply systems were compromised.
This breach is one of the most severe insider incidents in the crypto industry to date—and it underscores the rising risk of internal access exploitation across global support operations.
