Coinbase, the largest American cryptocurrency exchange, reported a serious data breach in May 2025. The Coinbase hack included theft of confidential customer data and an extortion attempt. According to CNBC, the entire damages resulting from this hack may cost Coinbase between $180 million and $400 million to fix, according to company estimates.
The hack occurred on May 11, when Coinbase received an email from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts and internal Coinbase documentation, which included materials regarding its customer service and account management systems.
The threat actor further demanded a ransom of $20 million in exchange for not publicly disclosing the stolen information. On May 15, Coinbase reported that the hack was carried out with the help of bribed overseas support agents that were able to access the internal customer support system to steal account data for a small subset of customers.
According to reports from the United States Securities and Exchange Commission, to identify the agents responsible and potential affected accounts, Coinbase tracked down oddities that were flagged by the company’s security monitoring in the past months where certain agents accessed customers’ data without business need.
Once the rogue agents were identified, they were promptly fired, and the company implemented heightened fraud monitoring protection measures. Coinbase also reached out to customers that were potential victims of the hack to warn them of any other potential misuse of their compromised data by the hackers.
The hack did not involve the compromise of passwords or private keys and customer funds. The compromised data of the customers include names, addresses, phone and email addresses; the last 4 digits of social security numbers; masked bank account numbers and some bank account identifiers; government ID images; account data, which includes balance snapshots and transaction history; and limited corporate data.
While an actual figure hasn’t been announced regarding the number of affected accounts, Natasha LaBranche, Coinbase spokesperson, commented in an interview with TechCrunch that the number of customers affected by the hack is less than 1% of the company’s 9.7 million monthly customers.
Following the incident of the hack, Coinbase has been reviewing and strengthening its fraud protection systems and has promised to reimburse affected customers that had previously sent funds to the hacker as a result of this incident after it has been confirmed that it was truly caused by the breach.
The company also plans on opening a new support hub in the US and taking further precautions with its security to reduce the chances of a similar incident happening again.
In response to the $20 million ransom demanded by the hacker, the company responded by stating in a blog post, “We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received.” Instead, we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for the attack.”
“For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice. And now you have my answer,” said Coinbase CEO Brian Armstrong in his video post on X.
Prior to the hack, Coinbase had purchased Deribit, a Dubai-based major derivatives exchange, for $2.9 billion, which marks the largest deal in the crypto industry. This purchase was to aid its expansion and also helped gain entry into the benchmark S&P stock index.
The hack led to a 6% loss in the company’s stock value as of May 15 in the early hours of trading, and it’s just slowly finding its stride as it currently reflects a slight increase of 1.3%.
