Top News Stories

Coinbase cyberattack

By API User | May 18, 2025

Coinbase Global said it’s working with law enforcement to track down an unknown “threat actor” that paid its contractors working in support roles for the company outside the U.S. to obtain personal information of its customer base. Coinbase did not say how many of its clients were affected, but it had already informed them about the breach after it detected it months ago and fired the contractors involved. Coinbase said customer passwords and private keys were protected by its systems, and “at no time were any of the targeted contractors or employees able to access customer funds.” However, the affected data included names, home and email addresses, phone numbers, the last four digits of Social Security numbers, masked bank-account numbers and some bank-account identifiers. The breach also included government-ID images such as passports and driver’s licenses, account data such as balance snapshots and transaction history and limited Coinbase corporate data such as documents, training materials and communications to support agents. Coinbase said it plans to open a new support hub in the U.S. as well as take other prevention measures. It estimated expenses of $180 million to $400 million for remediation costs and voluntary customer reimbursements related to the problem, and said the dollar figure could change as it assesses the impact. It did not say if the cost estimates include the price of launching a U.S. service center. “The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities,” the company said. Coinbase said it has already terminated the personnel involved and “implemented heightened fraud-monitoring protections” in previous months after its security monitoring detected the trouble.