Coinbase, a leading cryptocurrency exchange, has disclosed a significant data breach affecting approximately 69,461 users, including 217 residents of Maine. The breach, which occurred on December 26, 2024, remained undetected until May 11, 2025, nearly six months later. The incident came to light following a complaint filed by law firm Latham & Watkins LLP with the Maine Attorney General’s office.
The breach involved cybercriminals bribing overseas customer service representatives to obtain sensitive user information, such as names, contact details, and physical addresses. Subsequently, the attackers demanded a $20 million ransom from Coinbase, threatening to release the stolen data. Coinbase refused to comply with the ransom demand and terminated the contractors involved in the breach.
In response to the breach, Coinbase has pledged to reimburse affected users and has estimated the total cost of remediation and reimbursements to be between $180 million and $400 million. The company is also cooperating with law enforcement agencies in an ongoing investigation.
The breach has raised concerns about the security of Know Your Customer (KYC) data collection practices in the cryptocurrency industry. Experts warn that such data leaks can pose physical risks to crypto investors, making them targets for extortion and other crimes.
Coinbase’s stock experienced a 7% decline following the public disclosure of the breach. The company is taking steps to enhance its security measures, including establishing a new support hub in the United States and implementing stronger safeguards to protect user data.
