Coinbase Admits Loss of $400 Million in Customer Data

The largest American crypto exchange Coinbase has confirmed a leak of user data, estimating the damage at $400 million. The attackers bribed support staff abroad, gaining access to data of less than 1% of active users. The company emphasizes that the attack affected only a small portion of customers.

Market participants are calling it a serious reputational blow to the platform and an attack on privacy, prompting traders to look outside of centralized exchanges for solutions. Coinbase has been plagued with security issues and thefts of user funds from customers throughout the year, with multiple reports of social engineering and SIM swapping attacks allowing attackers to steal millions of dollars in cryptocurrency.

One of the fraud schemes looked like this: the attackers, using the personal data of clients, called them under the guise of Coinbase technical support employees, reported that the account had been hacked and offered to transfer funds to a “safe wallet”, which was actually controlled by the fraudsters. This was told by the co-founder of Alliance DAO Chao Wang, who himself became a victim of such an attack, emphasizing that no major exchange has such security problems.

Despite numerous reports of breaches, Coinbase only acknowledged the leak in mid-May 2025, almost immediately after the news of its shares being included in the S&P 500 index. This was followed by an official statement and filing of documents with the US Securities and Exchange Commission (SEC), where the exchange estimated the damage from the leak at $400 million.