Summary
Coinbase Global, Inc. (COIN) has disclosed a material cybersecurity incident via an 8-K filing on May 14, 2025, detailing a campaign initiated by an external threat actor. The incident involved contractors or employees outside the U.S. gaining unauthorized access to internal systems to extract customer data and internal documentation. While passwords and private keys were not compromised, and customer funds remained secure, the breach exposed customer names, addresses, phone numbers, emails, masked Social Security numbers, masked bank account information, government ID images, and account data. Coinbase has terminated the involved personnel, enhanced fraud monitoring, and is notifying affected customers. The company intends to reimburse eligible retail customers who may have lost funds directly due to the incident. A preliminary estimated range for remediation costs and voluntary customer reimbursements is between $180 million and $400 million, excluding potential further losses or recoveries. The company is also relocating support functions to the U.S. to bolster defenses.
Key Highlights
- 1Material cybersecurity incident involving unauthorized access to customer and internal data by contractors/employees.
- 2Customer funds and private keys were not compromised.
- 3Exposed data includes PII (name, address, email, phone), masked SSN and bank details, government ID images, and account information.
- 4Coinbase to reimburse eligible customers who lost funds directly as a result of the incident.
- 5Preliminary estimated costs for remediation and reimbursements range from $180 million to $400 million.
- 6Coinbase is cooperating with law enforcement and taking steps to enhance security, including establishing a U.S.-based support hub.
- 7The full financial impact is still under assessment and could exceed the preliminary estimate.