Compromised information includes bank details, social security numbers, and government ID images.
The cryptocurrency exchange Coinbase was recently targeted in a hacking incident that led to the personal data of thousands of customers being stolen, the company said in a May 15 statement.
https://t.co/evpIBMFvRW pic.twitter.com/f6UPdkL5R0
— Brian Armstrong (@brian_armstrong) May 15, 2025
According to a March 31 filing with the Securities and Exchange Commission (SEC), Coinbase had 9.7 million monthly transaction users (MTU) by the end of that month.
Since the company claims that less than 1 percent of MTUs have been impacted by the hack, the number of affected individuals could be around 97,000.
Hackers got access to names, addresses, phone numbers, emails, last four digits of Social Security numbers, masked bank account numbers and identifiers, government ID images such as driver’s licenses and passports, and account data such as balance snapshots and transaction history.
Hackers did not get access to login credentials or 2FA codes, private keys, customer funds and the ability to move these funds, Coinbase Prime accounts, Coinbase or Coinbase customer hot or cold wallets.
Following the revelation, Coinbase shares crashed by 7.2 percent on Thursday.
In a May 14 filing with the SEC, Coinbase said it received an email communication from a threat actor on May 11 claiming to have obtained info about certain customer accounts and other details.
“The threat actor appears to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access,” said the filing.
The hackers aimed to gather a list of customers to contact while impersonating Coinbase to trick them into handing over their crypto assets, the company said in its May 15 statement.
They also tried to extort $20 million from the company to cover up the situation.
However, Coinbase refused to pay and is cooperating with law enforcement in the investigation, said the May 14 filing.
“To the extent any eligible retail customers previously sent funds to the threat actor as a direct result of this Incident, the Company intends to voluntarily reimburse them after it completes its review to confirm the facts,” it said.
“The Company is also in the process of opening a new support hub in the United States and taking other measures to harden its defenses to prevent this type of incident.”
