Coinbase, one of the leading cryptocurrency exchanges in the world, has confirmed a serious security breach in which sensitive customer data was compromised — including personal identification documents and financial details.
In a regulatory filing made this week, Coinbase disclosed that a hacker contacted the company and claimed to have accessed customer data. The attacker reportedly demanded a $20 million ransom in exchange for not leaking the information. According to Coinbase, it has no intention of paying the ransom.
The breach was traced back to individuals working in external support roles outside the United States. These contractors or employees had authorized access to internal systems as part of their job responsibilities but allegedly sold that access to the attacker. Coinbase stated that all individuals involved are no longer with the company.
The unauthorized activity was first detected months ago, prompting Coinbase to alert affected users and implement safeguards to reduce potential harm. The stolen data includes full names, phone numbers, email and mailing addresses, the last four digits of Social Security numbers, as well as partially hidden bank account numbers and other financial identifiers. Additionally, the hacker acquired identity documents such as passports and driver’s licenses, along with account balances and transaction history.
Beyond customer data, some internal company documents were also taken during the breach. In response, Coinbase announced that it is launching a new customer support center based in the U.S. and is working to enhance its cybersecurity systems to prevent future incidents.
Although the breach affected less than 1% of Coinbase’s 9.7 million monthly active users, the company estimates the cost of responding to the incident—including reinforcing security, compensating impacted users, and other remediation efforts—could range between $180 million and $400 million.
In a public statement, Coinbase CEO Brian Armstrong acknowledged the breach and confirmed the extortion demand but reiterated that the company would not comply with threats. The company is actively cooperating with regulators and law enforcement to investigate the incident and ensure accountability.
This breach highlights the risks associated with third-party access and the growing threat of insider leaks, even at some of the most prominent firms in the digital finance sector.
