Coinbase has confirmed a major security incident in which hackers accessed sensitive customer data, including government-issued IDs, financial records, and partial Social Security numbers. The crypto exchange disclosed the breach in a regulatory filing after receiving a ransom demand this week.
According to the company, the attacker claimed they had obtained internal data from Coinbase’s systems and threatened to release it unless paid $20 million. CEO Brian Armstrong confirmed the ransom demand in a social post but emphasized that Coinbase will not pay.
The Coinbase data breach was traced back to support personnel based outside the U.S. The attackers reportedly paid multiple contractors or employees in outsourced support roles to extract the data. These individuals had legitimate access to internal systems but misused that access. Coinbase has since terminated their employment.
While the breach wasn’t detected right away, Coinbase said its security team eventually identified the malicious activity after several months. The company has already notified affected users and advised them to take precautions to avoid identity theft or fraud.
The stolen information includes customer names, email and postal addresses, phone numbers, the last four digits of Social Security numbers, masked bank account details, and official IDs such as driver’s licenses and passports. Even transaction histories and account balances were compromised. Some internal corporate documents were also accessed during the breach.
In a company blog post, Coinbase downplayed the scale of the incident, saying fewer than 1% of customers were impacted. However, with over 100 million users globally, that figure could still represent up to one million people.
Coinbase estimates that it may spend between $180 million and $400 million on cleanup costs, including system remediation and potential reimbursements to affected users.
As of now, the company has not commented further on the breach. A Coinbase spokesperson did not immediately respond to requests for an update.
