In January 2025, Coinbase, the largest cryptocurrency exchange in the United States, was embroiled in a data breach. The breach, which became public in May, exposed sensitive customer data and revealed deficiencies in the company’s security procedures.
Formal Advance Notice: January 2025
In January 2025, Coinbase was formally notified that a major data breach had occurred involving an employee at TaskUs, an Indian call centre that provided customer support services as a third-party vendor. Upon investigation, Coinbase discovered that an employee at TaskUs had been taking screenshots of sensitive customer data on her work computer and had sold them to the hackers in exchange for a bribe.
The compromised data contained names, addresses, phone numbers, government ID photos, masked Social Security numbers, account balances, and transaction history. Importantly, login credentials, private keys, and direct access to customer funds remained out of reach.
When the breach was discovered, Coinbase responded by firing the employees involved and turning them over to law enforcement agencies. The company, though, did not publicly disclose the breach at the time.
Public Disclosure: May 2025
On May 11, 2025, the hackers made a $20 million extortion demand to Coinbase, threatening to release the stolen information. This led the company to make the breach public through a filing with the Securities and Exchange Commission (SEC).
The delayed notification has raised questions regarding Coinbase’s transparency and compliance. According to an SEC release, “The SEC advises public companies to provide timely disclosure of material cybersecurity events.”
Financial and Business Implications
The attack affected roughly 70,000 Coinbase customers and will likely cost Coinbase approximately $400 million (including remediation, customer reimbursement, and improvements to security infrastructure).
In response to the incident, Coinbase has put many measures in place to improve its security posture. Specifically, it has created a new support center in the US to reduce its reliance on foreign contractors and implemented tighter security. Coinbase also established a $20 million reward fund for information that results in the arrest and conviction of the perpetrators.
Wider Implications for the Crypto Sector
This incident reflects the difficulties cryptocurrency exchanges face in protecting customer information, particularly when handing customer support operations over to outside providers. The breach highlights the need for thorough screening of third-party vendors and for continued monitoring of their security posture. The attack also points to a concerning trend in cybercriminals' growing sophistication, as they now appear to be combining insider access and social engineering to bypass organizational defenses. It’s a wake-up call for organizations to fully invest in robust employee training programs on security awareness.
Next Steps
The investigation is ongoing, and as Coinbase works its way through the breach, it will be monitored by regulators, its clients, and the broader financial community. The firm's responses after the disclosure, getting law enforcement involved and establishing a reward fund, show that accountability and transparency take many forms. For the cryptocurrency community, the incident has hopefully re-emphasized the need for strong security controls, oversight of third-party business partners, and a quick and appropriate response to any potential breach.