Coinbase is facing intense scrutiny after revealing a significant data breach affecting around 70,000 users. The breach, which occurred in December 2024, only came to light in May 2025. During this period, attackers accessed sensitive user information and demanded a ransom of 20 million dollars, a demand that Coinbase decisively refused. Instead, the company offered the same amount as a reward for information leading to the identification of the perpetrators.
User Data Left Exposed for Months
In mid-May, Coinbase officially disclosed the data breach to the Maine Attorney General’s office, marking months since it had occurred. During this time, user names, addresses, and personal information were leaked. The breach resulted from a combination of external tampering and the circumvention of multiple security layers. The hackers’ silence contributed to the delayed detection of the breach, only being revealed after they made ransom demands.
Investigations following the breach revealed that the hackers converted stolen cryptocurrencies from Bitcoin 
$74,999 to Ethereum 
$2,298, subsequently transferring them through THORChain to obfuscate their trail. This technique has been used in similar attacks, complicating tracking efforts. Notably, similarities with the North Korea-linked Bybit cyberattack indicate evolving money laundering tactics in the cryptocurrency market.
Coinbase’s Strategic Response
Coinbase flatly rejected the 20 million dollar ransom demand from the hackers. Instead, the company promised a reward of the same amount for information leading to their capture. This strategic move aimed to both protect the company’s reputation and assert its stance within legal frameworks. Nonetheless, the public revelation of the data leak subjected Coinbase to a barrage of criticism from multiple fronts. At least six lawsuits have been filed, with allegations of insufficient security measures.
Coinbase announced that the aftermath of the attack might cost between 180 and 400 million dollars in restructuring systems, legal proceedings, and compensating users. In addition, the breach has shaken trust in the cryptocurrency world, influencing investors’ and users’ perceptions of the platforms. Experts argue that such incidents have a cascading effect, impacting not only individual users but the entire sector.
The company’s commitment to addressing the breach highlights the broader challenges the crypto industry faces in addressing security vulnerabilities.
This leak underscores the urgent need for strengthened cybersecurity measures across all platforms handling sensitive data.
As the industry responds to these challenges, these results may usher in improved regulations and practices.
