- Coinbase contractor improperly accessed data of ~30 customers without authorization
- Insider was fired; victims notified and offered identity theft protection services
- Incident echoes 2025 case where cybercriminals bribed support agents to steal customer data worth $400 million
Coinbase has confirmed it experienced an insider breach when a contractor accessed data on roughly 30 customers, without proper authorization.
“Last year our security team detected that a single Coinbase contractor improperly accessed customer information, impacting a very small number of users (approximately 30),” a Coinbase spokesperson told BleepingComputer.
The company explained the contractor was fired, and the affected individuals were notified and offered free identity theft protection services, as well as reporting the incident to the regulators.
Bribing contractors
Very little extra is currently known about this incident, but BleepingComputer links it to screenshots that ransomware operators Scattered Lapsus Hunters (SLH) posted on their Telegram channel recently.
The screenshots, which were deleted soon after posting, allegedly showed the internal Coinbase support interface, containing sensitive information such as names, email addresses, dates of birth, phone numbers, KYC information, cryptocurrency wallet balances, and transactions.
It was also said that the screenshots could have been created by any other threat actor, so it is highly unlikely that the fired contractor is a member of the infamous hacking collective. Instead, they might have been bribed into sharing the data, as was the case last year.
In mid-May 2025, Coinbase said that cybercriminals bribed overseas support agents to steal customer data in an incident that ended up costing the firm $400 million. The hackers demanded Coinbase pay $20 million in ransom, in exchange for the data, but that never happened. Instead, Coinbase placed a $20 million bounty on any information leading to the arrest of the cybercriminals.
“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company said in a blog post.
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers. No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.