Coinbase, the leading cryptocurrency exchange in the United States, disclosed a recent cybersecurity breach affecting 69,461 users, according to a notification submitted to the Maine attorney general’s office. Although the hackers failed to access individual accounts or sensitive login details such as two-factor authentication codes, private keys, or crypto wallets, they were able to obtain a wide array of personal data.
The compromised information includes:
- Full names
- Residential addresses
- Phone numbers
- Email addresses
- Partial Social Security numbers
- Masked bank account details
- Government-issued ID images (e.g., driver’s licenses, passports)
- Account-related data such as transaction history and snapshots
In an SEC filing, Coinbase revealed that the attackers paid offshore contractors to gain access to internal systems. This information was weaponized to launch a social engineering scam. The perpetrators demanded $20 million in exchange for not leaking the stolen data—an offer Coinbase declined.
"Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident," the company said in its statement.
Coinbase is currently collaborating with law enforcement and has established a $20 million reward fund to incentivize tips that could lead to the identification and capture of the individuals responsible.
Meanwhile, reports on Reddit suggest that some users received unsolicited password reset notifications as early as last week. It is still unclear whether these incidents are directly connected to the breach. CNET contacted Coinbase for a response, but no comment was issued at the time.
Steps to Protect Your Crypto and Data
Although Coinbase has confirmed that seed phrases and investor accounts remain secure, the exposure of personal data is significant. Here’s what you should do now to safeguard your information:
1. Use a Cold Wallet
security, coldwallet, hardwarewallet, cryptoassets
For regular crypto investors, shifting funds to a cold wallet—a device not connected to the internet—can provide an extra layer of security in case of future breaches
2. Freeze Your Credit Reports
creditfreeze, SSN, financialsecurity
Freeze your credit reports with all three major bureaus and consider placing a lock on your Social Security number to prevent identity misuse. Be cautious of phishing attempts that may exploit this situation.
"It's worth the hassle of setting up accounts with all three major credit bureaus. I get peace of mind at zero cost to me," said Danni Santana, CNET’s identity theft editor.
3. Notify Your Bank
banking, accountsecurity, financialfraud
Even if only partial account information was exposed, contact your bank to report the incident. You may want to open new checking or savings accounts as a precaution.
4. Enroll in Identity Monitoring Services
identitytheft, monitoring, datasecurity, insurance
Opt into a free credit and identity monitoring service. While these platforms don’t take direct action, they provide alerts if your data appears on the dark web. Paid services like Aura go further, offering identity restoration support and up to $1 million in identity theft insurance.
