
Cryptocurrency exchange giant Coinbase has disclosed a significant data breach involving customer information, according to a Form 8-K filing with the Securities and Exchange Commission. The company revealed that it received a ransom demand from an unknown threat actor on May 11, following unauthorized access to customer data and internal documentation.
According to the filing, the breach occurred through an unusual tactic: the attackers paid multiple contractors or employees in support roles outside the United States to misuse their legitimate system access to collect sensitive information.
Coinbase had previously detected these unauthorized access attempts through security monitoring "in the previous months" and had terminated the involved personnel.
The compromised information includes customers' personal details such as names, addresses, phone numbers, and email addresses. Also exposed were the last four digits of Social Security numbers, masked bank account numbers, banking identifiers, government-issued identity documents (including driver's licenses and passports), account balance snapshots, and transaction histories.
CEO Brian Armstrong stated in a social media post that the hackers demanded $20 million to prevent public disclosure of the stolen information. Coinbase has refused to pay this ransom and is cooperating with law enforcement in investigating the incident.
Importantly, the company emphasized that the breach did not compromise passwords or private keys, and at no point could the involved contractors or employees access customer funds.
Coinbase spokesperson Natasha LaBranche told TechCrunch that fewer than 1% of the company's 9.7 million monthly customers were affected, based on figures from the company's March 2025 annual report.
The company is implementing several remedial measures, including opening a new support hub in the United States and strengthening security defenses.
Coinbase has also committed to reimbursing any eligible retail customers who may have sent funds to the threat actor as a direct result of this incident.
The financial impact remains uncertain: Coinbase preliminarily estimates between $180 million and $400 million in remediation costs and voluntary customer reimbursements. The company noted this estimate could "meaningfully increase or decrease" pending further review of potential losses, indemnification claims, and possible recoveries.