- The Coinbase contractor improperly accessed the data of ~30 customers without authorization
- Insider was fired; victims notified and offered protection against identity theft
- The incident echoes the case from 2025, where cybercriminals bribed support agents to steal $400 million worth of customer data
Coinbase has confirmed that it experienced an insider breach when a contractor accessed data on around 30 customers without proper authorization.
“Last year, our security team discovered that a single Coinbase vendor improperly accessed customer information, affecting a very small number of users (approximately 30),” a Coinbase spokesperson said. Bleeping Computer.
The company explained that the contractor was fired and the affected individuals were notified and offered free identity theft protection, as well as reporting the incident to regulatory authorities.
Bribe contractors
Very little extra is currently known about this incident, however Bleeping Computer it links to screenshots that ransomware operators Scattered Lapsus Hunters (SLH) posted on their Telegram channel recently.
The screenshots, which were deleted shortly after broadcast, allegedly showed the internal Coinbase support interface containing sensitive information such as names, email addresses, dates of birth, phone numbers, KYC information, cryptocurrency wallet balances and transactions.
It was also said that the screenshots could have been made by any other threat actor, so it is highly unlikely that the fired contractor is a member of the infamous hacker collective. Instead, they could have been bribed to share the data, as was the case last year.
In mid-May 2025, Coinbase said cybercriminals bribed overseas support agents to steal customer data in an incident that ended up costing the firm $400 million. The hackers demanded Coinbase pay a $20 million ransom in exchange for the data, but that never happened. Instead, Coinbase placed a $20 million reward on any information leading to the arrest of cybercriminals.
“Cybercriminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company said in a blog post.
“These insiders abused their access to customer support systems to steal account data for a small subset of customers. No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched. We will refund customers who were tricked into sending money to the attacker.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
