Coinbase, one of the largest and most trusted cryptocurrency exchanges in the U.S., has suffered a major data breach in what is now considered one of the biggest Coinbase hack events and crypto crime incidents of the year. The breach, first disclosed on May 16, is estimated to cost the company around $400 million, making it the eighth-largest crypto hack in history, according to Elliptic.
While this figure is significant, the real impact runs deeper. Coinbase is not just another exchange. It’s the first publicly traded crypto firm in the U.S., the key custodian of $122 billion in Bitcoin ETFs, and a major lobbyist for pro-crypto policies in Washington. Just three days before the hack was made public, Coinbase celebrated a milestone: its inclusion in the S&P 500 Index, a move that brought it into the portfolios of millions of traditional investors.
Hackers Bribed Employees, Gained Access for Months
This wasn’t a typical software exploit or phishing attack. Instead, it was a social engineering scheme where hackers used bribes to manipulate Coinbase’s customer support agents, mainly based in India, to steal sensitive user data in the lead-up to the Coinbase hack.
The intrusions reportedly began in January 2024. Hackers gained access to customer names, birth dates, addresses, government ID numbers, account balances, and even banking details. This level of access allowed them to potentially impersonate Coinbase or its users.
In an internal interview, Coinbase’s Chief Security Officer, Philip Martin, confirmed that multiple customer support agents were compromised but denied that hackers had constant access throughout the five-month period. According to him, the agents were quickly quarantined and terminated once the Coinbase hack was detected.
Despite that, Bloomberg sources revealed that hackers still had access to data as recently as Wednesday, May 15. Coinbase disputes this claim but admits it cannot “prove a negative.”
$20 Million Ransom Demand and a Counter-Bounty
On May 11, hackers sent Coinbase an anonymous email demanding a $20 million ransom in exchange for deleting the stolen data. Rather than pay, Coinbase has offered a $20 million bounty to anyone who can provide information that leads to the arrest and conviction of the attackers responsible for the Coinbase hack.
Coinbase reported the breach in a formal regulatory filing and confirmed that the issue affected less than 1% of monthly transacting users. It promised to fully reimburse any users who experienced financial losses.
Some high-net-worth individuals were reportedly targeted. David Jeong, a crypto entrepreneur based in New York, received suspicious text messages on both April 3 and May 4, asking him to verify logins to his Coinbase account, despite not using one-time passwords from Coinbase in over two years.
Sensitive Data Raises Security Concerns
The sheer amount of personal data exposed in the Coinbase hack has raised red flags across the crypto industry. According to Mike Dudas, managing partner at Web3 firm 6MV and one of the victims, the breach could pose physical threats to those affected.
“This is a major crypto crime. The level of data stolen is staggering. It forces people to think beyond digital risk, it’s also about personal safety,” Dudas said, referencing other recent crypto-related kidnappings in France and elsewhere.
The breach follows a concerning trend where crypto users with large holdings are being physically targeted, such as the earlier 2024 kidnapping and mutilation of a startup founder. With attackers holding enough personal data to pose as Coinbase or its users, the risk of impersonation and further financial fraud is high.
A Pattern of Growing Crypto Threats
This event is not isolated. According to blockchain analytics firm Chainalysis, cybercriminals stole over $2.2 billion worth of crypto in 2024 alone. Social engineering, targeting people instead of systems, is increasingly popular among crypto thieves. Just in February, Bybit suffered a $1.5 billion attack through similar techniques, highlighting that the Coinbase hack is part of a wider vulnerability landscape.
As the crypto market grows, so does its appeal to cybercriminals. Many are now using AI-driven fraud techniques to bypass modern security systems.
Nick Jones, CEO of crypto platform Zumo, commented: “As our industry evolves, so do the threats. Criminals are using more advanced tools, and even the strongest platforms like Coinbase can become victims of Bitcoin heist attempts.”
Coinbase Responds to User Concerns
Following the Coinbase hack, Coinbase issued email notifications to premium users whose data might have been accessed. In the message, the company reassured customers that the compromised information did not include passwords, seed phrases, or other credentials that could give direct access to funds.
- Still, the company advised users to:
- Regularly monitor account activity
- Use a strong and unique password
- Be cautious of any unexpected login verification messages
Coinbase also stressed that its institutional-grade service, Coinbase Prime, which manages crypto for Bitcoin ETF issuers, was not affected by the Coinbase hack.
SEC Investigation Adds to Troubles
In addition to the Coinbase hack, Coinbase is now facing another challenge. The Securities and Exchange Commission (SEC) is investigating whether the company misstated user numbers in past reports. The inquiry reportedly began during the Biden administration and remains ongoing.
Paul Grewal, Coinbase’s Chief Legal Officer, called it a “hold-over investigation” tied to a metric that hasn’t been used for over two and a half years. He emphasized the company’s commitment to resolving the matter and cooperating with the SEC.
What Happens Next?
Coinbase is now facing a multi-layered crisis: a costly data breach, a regulatory investigation, and growing questions about the security of crypto platforms. Its stock price fell over 7% the day the hack was disclosed.
While the company has taken swift steps to control the damage, the incident has exposed vulnerabilities that go beyond technology. It’s a stark reminder that the biggest threats to crypto might come from human actions, not just faulty code.
With the rise in Bitcoin heists and crypto crimes, the industry must adapt quickly. For users, that means more vigilance. For companies, it means building systems that are resilient not just against hackers, but also against human compromise, a key lesson from the Coinbase hack.
