A targeted attack on external contractors led to a serious data breach at US crypto exchange Coinbase, right in the middle of a sensitive period for the company.

Coinbase has confirmed that cybercriminals gained access to the personal data of millions of customers. Affected information includes names, addresses, email addresses, and transaction histories. The attackers used social engineering methods and are said to have bribed external service providers to gain access to internal systems. The company estimates the financial damage could amount to as much as 400 million US dollars, a sum Coinbase is setting aside to compensate affected users. This was revealed in a press release. The incident occurred just days before the company’s planned inclusion in the S&P 500 index, adding further pressure on management.

Insider bribery, social engineering, and targeted vulnerabilities

According to the exchange, the attack was enabled via external employees outside the US who passed on internal credentials in exchange for payment. Coinbase reported that all individuals involved have since been dismissed. Particularly alarming: the attackers demanded a ransom of 20 million USD, which Coinbase refused to pay. Instead, the exchange offered a bounty of the same amount for information leading to the identification of the perpetrators.
The company is now working closely with US and international law enforcement authorities. In an official statement, Coinbase emphasized that all affected customers have been informed and will be compensated if necessary, especially in cases where the stolen information leads to further attacks such as phishing attempts.

Regulatory scrutiny: SEC is watching closely

Coinbase is under scrutiny not only because of the security incident. The US Securities and Exchange Commission (SEC) is currently investigating allegations that the company may have inflated user numbers or failed to properly implement KYC requirements. Coinbase denies the allegations but emphasizes its willingness to cooperate. Analysts view the attack as further evidence that even leading crypto platforms are under increasing pressure to build professional security architectures and internal control systems on par with those of traditional banks.

KYC (Know Your Customer) processes require exchanges and brokers to collect sensitive personal data, thereby exposing users to potential data breaches. Some privacy advocates argued after the incident that this significantly increases risks for individuals without effectively preventing money laundering. Criminals often use fake or stolen KYC identities anyway, which undermines the effectiveness of such preventive measures. Ultimately, the argument goes, these processes may create more vulnerabilities than they prevent. The fact that such incidents tend to occur more often at crypto platforms than at traditional brokers suggests weaker security mechanisms within the industry.