Key Takeaways:
- Nearly 70,000 Coinbase users were affected by a data breach that went undetected for almost six months, resulting in $400 million in damages.
- Attackers used social engineering to obtain user data and demanded a $20 million ransom, prompting Coinbase to fire the contractors involved and promise remediation for affected users.
- The breach intensified scrutiny of KYC data collection, with concerns rising over investor safety and privacy in the crypto industry.
A legal filing with the Maine Attorney General’s office has revealed that a major data breach at Coinbase affected 69,461 users, including 217 in Maine.
The breach occurred on December 26, 2024, but went undetected until May 11, 2025.
The Coinbase data leak was completely avoidable.
— Billions (@billions_ntwk) May 21, 2025
Companies need to stop leaking people’s data
This breach is another reminder: placing your personal data in a centralized company's hands makes it an irresistible target for attackers
ZK tech is how we fix this.
Attackers exploited social engineering tactics to deceive third-party customer service contractors, gaining access to users’ names, contact details, and addresses.
They then issued a $20 million ransom demand, which Coinbase refused.
The company terminated the contractors involved and pledged remediation for affected users.
The breach caused an estimated $400 million in damages, prompting a wave of lawsuits and a 7% drop in Coinbase’s stock.
High-profile individuals, such as Sequoia Capital partner Roelof Botha, were among the victims.
The U.S. Department of Justice has launched an investigation, though no further details have been released.
The incident has reignited concerns about Know Your Customer (KYC) data practices and the risks of collecting sensitive user information.
Experts warn such breaches increase threats of extortion, identity theft, and even physical harm to crypto holders.
As cyberattacks grow more sophisticated, the incident highlights the urgent need for stronger security measures in the digital asset industry.