Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand

Cryptocurrency platform Coinbase said 69,461 people had information leaked during a data breach that began in December 2024.

In documents filed with regulators in Maine on Tuesday, Coinbase said the information leaked included photos of passports, government IDs, names, dates of birth, the last four digits of Social Security numbers, bank account numbers and account information including balances and transaction history. 

The filing relates to an incident that became public last week when Coinbase told the Securities and Exchange Commission (SEC) that cybercriminals bribed overseas support agents allegedly in India with cash payments to steal Coinbase customer data.

“Attackers seek out this information because they want to conduct social engineering attacks, using this information to appear credible to try and convince victims to move their funds,” Coinbase said in sample breach notification letters sent to the more than 69,000 victims.  

“This week — after we fired the individuals involved and added even more stringent security measures — a third party claimed they had access to our customer data, and attempted to extort a $20 million payment.”

Coinbase previously said the extortion attempt occurred on May 11 but that they turned it down, instead disclosing the incident publicly. The hackers compiled a list of Coinbase customers that they could contact while purporting to be from the company — “tricking people into handing over their crypto.”

The breach caused alarm due to an increase in kidnappings and violence involving those in the cryptocurrency industry. Last week, masked kidnappers attacked the daughter of a French crypto CEO in Paris and several other incidents have come to light in recent months. 

In the breach notification letters, Coinbase said the information stolen does not include passwords or other information that would allow someone to access a users’ account. 

Coinbase pledged to reimburse retail customers who were scammed into sending funds as a result of the incident but did not respond to requests for comment about how many people had coins stolen or how much was stolen. 

The company also listed multiple other measures they are taking, including tracing the stolen funds, flagging accounts making large withdrawals and issuing a $20 million reward for information on the hackers.

Coinbase said in the SEC filing last week that it expects to spend $180 million to $400 million on remediation and response costs.

Bloomberg reported that the U.S. Justice Department is now investigating the breach.