On May 16, 2025, Coinbase, a leading cryptocurrency exchange, announced a cyberattack that compromised the personal data, including names, addresses, and emails, of less than 1% of its users. Hackers gained access by bribing external contractors and non-U.S. support staff, using the stolen information to impersonate Coinbase and scam customers.
The company confirmed that login credentials and passwords remained secure, but the breach could cost Coinbase between $180 million and $400 million.
JUST IN: Coinbase victim of cyberattack. pic.twitter.com/F8xRDYZmBi
— The ₿itcoin Therapist (@TheBTCTherapist) May 15, 2025Coinbase rejected a $20 million ransom demand, offering a $20 million reward for information leading to the hackers’ arrest. The exchange committed to reimbursing all affected customers who lost crypto assets due to the scam. Coinbase terminated the involved staff to prevent future incidents, collaborates with law enforcement, and plans to establish a U.S.-based support hub to strengthen internal controls.
Regulatory and Market Repercussions
The U.S. Securities and Exchange Commission (SEC) is investigating whether Coinbase misrepresented user data in prior disclosures, though the company denied any probe into its know-your-customer (KYC) compliance. As Coinbase prepares to join the S&P 500 index, its shares dropped over 7% following the news, reflecting investor concerns.
💥BREAKING:
COINBASE $COIN SHARES FALL 4.1% AFTER COMPANY SAYS IT EXPECTS UP TO $400 MILLION HIT FROM CYBER ATTACK. pic.twitter.com/G9TYWaAcOq
— Crypto Rover (@rovercrc) May 15, 2025The attack highlights escalating risks in the cryptocurrency industry, with Chainalysis reporting $2.2 billion in stolen funds across 2024. Coinbase’s breach follows similar incidents, such as the 2024 DMM Bitcoin hack, underscoring the need for robust cybersecurity.
“We’re sorry for the worry and inconvenience,” Coinbase stated. “We’ll keep owning issues and strengthening platform security.”
