The recent large-scale extortion scheme targeting Coinbase customers has had a significant impact, affecting nearly 70,000 individuals, according to an official document from the US-based cryptocurrency exchange. The breach was disclosed on May 15, and a data breach notification was filed with the Office of Maine’s Attorney General on May 21.
In the notification, Coinbase attributed the breach to insider wrongdoing, stating that a small number of individuals working at overseas retail support locations had improperly accessed customer information. The breach occurred on December 26, 2024, and affected 69,461 customers. Surprisingly, Coinbase only discovered the breach on May 11, 2025, when the attackers sent an email demanding a $20 million ransom in exchange for not releasing the stolen information online.
Refusing to pay the ransom, Coinbase instead established a $20 million reward fund for tips leading to the identification and apprehension of the attackers. However, there are challenges to Coinbase’s data breach timeline. Taylor Monahan, a prominent figure in the cryptocurrency community and security head at MetaMask, claims that threat actors had ongoing access via multiple insiders over an extended period, contradicting Coinbase’s timeline.
Monahan pointed to evidence suggesting that the breach occurred much earlier than stated by Coinbase. An article from Cryptoforensic Investigators supports this claim, stating that the breach likely happened eight to 10 months prior, enabling attackers to target high net-worth users successfully through phishing and social engineering campaigns.
The breach has raised concerns among Coinbase stakeholders, including TechCrunch founder Michael Arrington, about the potential repercussions for the cryptocurrency industry. This incident comes amid a surge in extortion attempts targeting cryptocurrency firms, as seen in recent high-profile heists and kidnapping attempts related to the industry.
As the cryptocurrency sector faces increasing cyber threats, it is crucial for companies like Coinbase to enhance their security measures to protect customer data and prevent future breaches. The incident serves as a reminder of the importance of robust cybersecurity practices in safeguarding digital assets and maintaining trust in the industry.
Photo credits: Nadezda Murmakova/bangoland/Shutterstock