Photo credit: Bastian Riccardi (via Pexels)
On May 14, 2025, the cryptocurrency exchange Coinbase disclosed a personal data breach to the U.S. Securities and Exchange Commission. The company revealed hackers had bribed Coinbase customer support agents located outside of the United States to gain entry to its secure internal systems.
This access allowed the hackers to steal sensitive customer information that could be used in social engineering attempts. The hackers then contacted Coinbase, threatening to release this stolen data unless they were paid $20 million in an attempted act of extortion.
Coinbase has refused to pay and says it is cooperating with law enforcement to catch the hackers while taking steps to prevent future breaches.
The hackers gained access to the personal data of under 1% of Coinbase’s monthly transacting users. Compromised data includes:
- Name, address, phone, and email information
- Masked Social Security (last four digits only)
- Masked bank account numbers and some bank account identifiers
- Government ID images (e.g., driver’s license, passport)
- Account data (balance snapshots and transaction history)
- Limited corporate data (including documents, training material, and communications available to support agents).
The breach did not expose any customer passwords, private keys, or two-factor authentication codes, nor did it grant access to Coinbase Prime accounts or customer funds.
The company was already aware of the insiders exploiting their roles to access the information that would be used in the attempted extortion. These personnel are no longer employed at the company.
Coinbase provisionally estimates this breach could cost between $180 million and $400 million due to remediation, voluntary customer reimbursements, and security improvements.
Andrew Sever, Sumsub CEO, outlined his view in a recent Forbes article.
Employee fraud is a growing threat, especially with the advent of remote work and AI fraud tools. It has become more complex, affecting all stages of the employment lifecycle. Beyond financial loss, it can cause reputational damage, legal issues, operational disruptions, and a breakdown of trust.
To mitigate this risk, Sumsub encourages companies to have robust employee verification practices, comprehensive data security policies, and ongoing employee training on fraud.
Coinbase warns customers to expect impostors and advises the public to remain cautious of any suspicious activity.
