Nearly 70,000 Coinbase Customers Exposed in Insider Data Breach

A newly confirmed data breach has compromised the personal information of nearly 70,000 Coinbase customers. Unlike previous high-profile attacks, this one was caused by an insider at a third-party contractor, raising serious questions about vendor security and oversight.

What happened

On June 2, 2025, Coinbase confirmed that a contractor working for TaskUs—a customer support vendor based in India—had leaked data connected to 69,461 customer accounts. The breach began on December 26, 2024, but wasn’t discovered until May 11, 2025, when hackers attempted to extort Coinbase for $20 million in Bitcoin in exchange for withholding the data.

The attacker reportedly stole:

- Full names and email addresses

- Potential account notes and metadata

- Possibly identity verification materials collected during KYC procedures

- Wallet activity or linked transaction data

While Coinbase has stated that no passwords or full account credentials were leaked, the type of information exposed is more than enough to support phishing, account impersonation, or identity theft.

What makes this breach different

Most breaches stem from external attacks. This one came from inside a trusted vendor. That means:

- The attacker likely had privileged access to sensitive customer support tools.

- The breach remained undetected for nearly five months.

- The stolen data was valuable enough to justify a multimillion-dollar ransom attempt.

TaskUs is a common vendor used by large companies for outsourced customer service. If you're a Coinbase user who has ever contacted support, your information could have passed through their system.

Why it matters

Cryptocurrency platforms do not offer the same protections as traditional banks. Once your wallet is compromised, your funds are typically unrecoverable. Even without direct access to your login credentials, attackers can:

  • Launch phishing campaigns using your real name and email

  • Bypass weak security setups, especially if you're using SMS-based authentication

  • Attempt SIM swaps or social engineering attacks with leaked metadata

  • Use stolen personal info to reset passwords or pass verification checks

What you should do

If you have a Coinbase account—or any crypto exposure—take the following steps immediately:

1. Change your Coinbase password
Use a strong, unique password. Avoid reusing passwords from other accounts.

2. Enable 2FA with an authenticator app
SMS-based two-factor authentication is no longer sufficient. Use apps like Authy or Google Authenticator instead.

3. Be alert for phishing
Do not click on links in emails or texts that claim to be from Coinbase. Go directly to the website to verify your account status.

4. Monitor your financial accounts
Check for unfamiliar transactions or login attempts. Monitor your credit if your identity verification documents were exposed.

5. Use a threat monitoring service
Patriot Protect monitors dark web markets, hacker forums, and breach databases. If your information surfaces, we flag it, investigate it, and help shut down fraud before it starts.

Final thoughts

This breach was large, deliberate, and targeted American users of a major financial platform. If you're storing or trading crypto, you can’t afford to assume you're safe. The security of your assets depends on proactive defense, not just passwords and hope.

Purchase My Protection Now

Back to blog