Coinbase Faces Backlash Over Delayed Notification of Data Breach Affecting Nearly 70,000 Users
Recently, cryptocurrency exchange Coinbase was revealed to have experienced a serious data breach involving personal information as early as the end of 2024, but formally notified users only five months later. While funds were not affected, this delay has sparked significant discontent within the community. The incident impacted a total of 69,461 users, raising concerns about the company’s security protocols.
Insider Breach: Six Months of Access to KYC Data of 60,000 Users
According to documents submitted by Coinbase to the Maine Department of Justice, the company experienced a user data breach on December 26, 2024, but did not detect any anomalies until May 11, 2025, subsequently issuing a written notification on May 30. The leaked data included sensitive KYC information such as user names, addresses, and email addresses, affecting 69,461 users, including 217 from Maine.
Coinbase stated that hackers obtained customer data by bribing multiple customer service representatives and contractors in India, and those involved have been terminated. Although the company emphasized that passwords, private keys, and user funds were not compromised, the leaked information still poses significant risks for fraud and identity theft.
(Coinbase’s Troubles: Potential Liability of $400 Million Due to Data Breach, SEC Investigates User Data Inflation)
Security Experts Challenge Coinbase: Were They Aware and Silent?
In response to Coinbase’s claim that the breach was a singular event occurring at the end of December, security analyst @tayvano_ took to the social media platform X to confront the company with login records from a high-value user. The attached images revealed that the account had multiple unauthorized logins between February 7 and 10, 2025, leading him to question how the monitoring team could have failed to notice such issues if the system is capable of notifying users.
As evidence, here’s a very small cutout of one high value customer’s Coinbase account. This wasn’t pulled on Dec 26, 2024 honey. pic.twitter.com/UiDbS0iqdV — Tay (@tayvano_) May 21, 2025
He criticized Coinbase’s assertions as a public relations joke, claiming that the company’s internal management and alert capabilities were deficient, and suggested that this incident may indicate “long-term internal infiltration” rather than a single occurrence. Other users also provided additional clues indicating that phishing messages and scam calls had been received as early as mid-2024, suggesting that the breach may have occurred earlier than officially stated, possibly spanning several months.
(Scam Hotspot? ZachXBT Exposes Coinbase’s Slow Response, Allowing Users to be Defrauded of Over $60 Million)
In Response to Criticism, Coinbase Announces New Customer Service Center and Increased Security Measures
In light of external scrutiny, Coinbase announced plans to establish a new customer service center in the United States and enhance its security measures. Simultaneously, they will offer affected users a one-year free identity protection, credit monitoring, and insurance services managed by IDX, but this has not quelled user anger.
Department of Justice and SEC Investigate, Coinbase Bracing for Impact
Due to the involvement of a large amount of personal data and insider leaks, the U.S. Department of Justice has intervened through its criminal division in Washington. Coinbase CEO Brian Armstrong confirmed this and emphasized that the company proactively requested the authorities to investigate in a show of cooperation. Additionally, the U.S. Securities and Exchange Commission (SEC) is conducting another investigation into whether Coinbase inflated user data prior to its IPO in 2021.
This incident not only reflects deep-seated vulnerabilities in Coinbase’s internal management but also exposes the overall fragility of the entire cryptocurrency industry in the face of internal and external threats. In an era where trust has become a critical asset in the cryptocurrency sector, how Coinbase navigates this storm and emerges renewed will be its greatest challenge going forward.
(Artists Suffer Severe Losses Due to Coinbase Data Breach, How Social Engineering Attacks Steal Your Money?)
Risk Warning
Investing in cryptocurrencies carries a high level of risk, and prices may fluctuate significantly. You may lose all your principal. Please assess the risks carefully.