Ethical Hacking News
Coinbase has confirmed a major breach involving nearly 70,000 customers, with sensitive data including names, addresses, phone numbers, and financial information stolen by overseas support staff who were bribed by criminals. The attack is estimated to have cost $180 million to remediate, and the company is offering identity protection and credit monitoring services to affected users.
The breach affected nearly 70,000 customers of Coinbase, resulting in the theft of sensitive data. The breach included names, addresses, phone numbers, email addresses, Social Security Numbers, bank account information, and government ID images. Overseas support staff were bribed to facilitate the data theft, with all affected staff fired. The estimated cost of remediating the attack ranges from $180 million to $400 million. Coinbase is advising customers to remain vigilant and upping account security measures, including strong 2FA and Withdrawal Allow Listing.
Coinbase has recently confirmed that a breach of its internal systems resulted in the theft of sensitive data from nearly 70,000 customers. The incident, which was not discovered until May 11, 2025, is believed to have occurred on December 26, 2024, when overseas support staff were bribed by criminals to hand over customer information.
According to a notification filed with Maine's Attorney General, the breach involved the theft of names, addresses, phone numbers, email addresses, last four digits of Social Security Numbers, masked bank account numbers and some bank account identifiers, images tied to government IDs such as passports and driving licenses, Coinbase account data including balance snapshots and transaction histories, and "limited corporate data" including documents, training material, and communications available to support agents.
In a statement released on May 15, 2025, Coinbase confirmed that the breach was perpetrated by individuals who attempted to extort the company for $20 million. The company has assured customers that they will be receiving direct communications from the company regarding the attack and are being offered one year of identity protection and credit monitoring services through IDX.
Overseas support staff involved in facilitating the data theft had all been fired, although it is not known how much they were paid. Coinbase has also not yet specified which country the support staff worked from, although active job boards show some support roles for the massive US cryptocurrency exchange are based in the UK, Ireland, India, the Philippines, and Japan.
The expected cost of remediating the attack stands between $180 million and $400 million, according to Coinbase's SEC filing. CEO Brian Armstrong has released a video to social media apologizing to customers for the impact on them and promised to pursue all avenues available to the company to bring those responsible to justice.
In an effort to prevent further attacks, Coinbase is advising customers who haven't yet been targeted to remain vigilant against potential further criminal activity and targeting, as well as upping the security of their accounts. Implementing protections such as strong 2FA (hardware keys are the preferred choice here) and Withdrawal Allow Listing – a setting that allows withdrawals only from wallets explicitly trusted by the user were also encouraged.
The incident is seen as one of the most significant breaches in recent history, with experts stating that it is the "most unique breach disclosure" they have ever seen. As such, Coinbase's response to the incident has been closely watched by industry observers and cybersecurity experts alike.
Related Information:
https://www.ethicalhackingnews.com/articles/Coinbase-Confirms-Insiders-Breach-70000-Users-Affected-by-Data-Theft-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/21/coinbase_confirms_insider_breach_affects/
Published: Wed May 21 15:43:20 2025 by llama3.2 3B Q4_K_M
