- Entrepreneur Coinbase improperly accessed data of around 30 customers without authorization
- Insider was fired; victims were informed and offered identity theft protection services
- The incident echoes one in 2025, where cybercriminals bribed support agents to steal customer data worth $400 million.
Coinbase has confirmed that it suffered an internal breach when a contractor accessed the data of approximately 30 customers, without proper authorization.
“Last year, our security team detected that a single Coinbase contractor had inappropriately accessed customer information, affecting a very small number of users (approximately 30),” a Coinbase spokesperson said. BeepComputer.
The company explained that the contractor was fired and those affected were notified and offered free identity theft protection services, as well as reporting the incident to regulators.
Corruption of entrepreneurs
Very little is currently known about this incident, but BeepComputer links it to screenshots that ransomware operators Scattered Lapsus Hunters (SLH) recently posted on their Telegram channel.
The screenshots, which were deleted shortly after publication, allegedly showed Coinbase’s internal support interface, containing sensitive information such as names, email addresses, dates of birth, phone numbers, KYC information, cryptocurrency wallet balances and transactions.
It was also said that the screenshots could have been created by any other threat actor. It is therefore very unlikely that the fired entrepreneur is a member of the infamous hacker collective. Instead, they could have been bribed to share the data, as was the case last year.
In mid-May 2025, Coinbase said cybercriminals had bribed overseas support agents to steal customer data in an incident that ended up costing the company $400 million. The hackers demanded that Coinbase pay a $20 million ransom in exchange for the data, but this never happened. Instead, Coinbase put a $20 million bounty on any information leading to the arrest of the cybercriminals.
“Cybercriminals bribed and recruited a group of rogue foreign support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company said in a blog post.
“These insiders abused their access to customer support systems to steal account data from a small subset of customers. No passwords, private keys, or funds were exposed and Coinbase Prime accounts are intact. We will refund customers who were tricked into sending funds to the attacker.”
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
