New research shows that almost 70,000 user accounts may have been compromised
New details have surfaced about a recent data breach at Coinbase, revealing that the impact may be far more serious than initially believed. According to a filing submitted to the Maine attorney general’s office, nearly 70,000 user accounts were compromised in the cyberattack, which reportedly went undetected for close to six months.
The document, submitted by the legal firm Latham and Watkins LLP, stated that 69,461 users were affected, including over 200 residents from Maine. The breach took place on December 26, 2024, but wasn’t identified until May 11, 2025. This delay in detection has drawn criticism and sparked a number of lawsuits, with users accusing Coinbase of failing to notify victims in a timely fashion.
The breach involved scammers tricking multiple Coinbase customer support contractors into giving up limited user data, including names, contact details, and physical addresses. With that information in hand, the attackers reportedly demanded a $20 million ransom, which Coinbase refused to pay. In response to the breach, the company terminated the contractors involved and pledged to compensate affected users.
Estimates suggest the breach has already led to around $400 million in losses, largely due to social engineering schemes and cleanup efforts. The incident has also contributed to growing doubts over how crypto firms manage customer identity data, especially data collected under Know Your Customer (KYC) regulations.
In the aftermath, Coinbase’s stock dropped by 7%, and the US Department of Justice opened an investigation into the extortion attempt and data leak. The identity of some victims adds more weight to the breach, including Roelof Botha, a prominent partner at Sequoia Capital, who was also caught in the incident.
