Background to Coinbase’s May 2025 breach
Coinbase, the largest cryptocurrency exchange in the United States, received an unsolicited email from an unknown threat actor on May 11, 2025. The sender claimed to hold sensitive information about Coinbase customers and demanded a $20 million ransom.
Before examining the breach, it is worth understanding how this happened at a public company that spends millions of dollars every month. In February, blockchain investigator ZachXBT reported that thefts affecting Coinbase users had increased. He called out Coinbase’s failures, blaming aggressive risk models and a failure to prevent $300 million in losses from social engineering fraud.
A table ZachXBT shared on X showed $65 million stolen from users between December 2024 and January 2025. He added that his data came from direct messages and on-chain thefts, and that actual losses could be higher because it excluded police reports and Coinbase support tickets he could not access.
The fear that cybercriminals had stolen valuable information was realized on May 11, when Coinbase disclosed that account balances, ID images, phone numbers, home addresses and partially masked bank details had been taken in the data breach.
On May 21, the same threat actor swapped $42.5 million between Ether (ETH) and Bitcoin (BTC) through THORChain. They also appeared to mock ZachXBT, using Ethereum transaction input data to write “L bozo” alongside a meme video of NBA player James Worthy smoking a cigar.
What happened: Timeline of the Coinbase breach
The 2025 Coinbase breach was not a typical crypto hack involving smart contract or blockchain vulnerabilities. Instead, it resembled a traditional IT security failure, marked by insider manipulation, corporate espionage and an extortion attempt.
Below is a breakdown of how the event unfolded.
- Insider recruitment and data theft begin: To steal Coinbase information, unknown cyberattackers began recruiting overseas (India-based) customer service agents working for Coinbase. These insiders were paid to leak sensitive customer data and internal documents, especially documents concerning the customer service and account management systems. The stolen information was intended for future fraud against users.
- Security detection and employee termination: Coinbase’s internal security team eventually detected suspicious activity tied to these employees. The employees involved were quickly terminated, and the company warned the affected users. The breach affected only 69,461 accounts, a fraction of Coinbase’s user base, but the depth of the stolen personal data made it significant.
- Extortion attempt via email (May 11, 2025): Coinbase received an unsolicited email claiming that the sender held internal system details and personally identifiable information (PII). The claim was later confirmed as credible in an 8-K SEC filing.
- Coinbase refuses to pay the $20 million ransom (May 14, 2025): Coinbase flipped the script instead of giving in to the extortion. The company reported the breach to law enforcement, disclosed it publicly, and offered a $20 million reward for information leading to the attackers’ arrest, turning defense into offense.
- Disclosure and breach notifications: Shortly after the SEC filing, Coinbase publicly confirmed the breach, clarifying the scope and nature of the attack. Data breach notifications were filed with the Maine Attorney General’s office, officially stating that 69,461 users were affected.
This timeline shows how a crypto company responded differently to cyber extortion, with transparency, resistance and bold measures. It could change the way companies respond to threats from cybercriminals.
Did you know? North Korea’s Lazarus Group has stolen more than $6 billion since 2017, including $14.6 billion from Bybit in 2025.
Which data was compromised in the 2025 Coinbase data leak?
According to a notification letter issued by Coinbase, the attackers sought this information because they planned to launch social engineering attacks. The stolen information could make them appear credible to victims, who could then be persuaded to transfer funds.
Coinbase explained which information the attackers accessed and which they could not.
What attackers obtained
- Names, addresses, phone numbers and email addresses
- Government ID images (e.g., driver’s license, passport)
- Masked Social Security numbers (only 4 digits)
- Account data (balance snapshots and transaction records)
- Masked bank account numbers and some bank account identifiers
- Limited corporate data (including documents, training materials and communications available to support agents)
What attackers could not get
- Login credentials or 2FA codes
- Private keys
- Access to Coinbase Prime accounts
- The ability to move or access customer funds
- Access to Coinbase or Coinbase customer hot or cold wallets
Did you know? In 2022, Crypto.com lost $30 million from 483 accounts. It initially claimed that no funds had been stolen, but later acknowledged the breach and reimbursed the victims, underscoring the importance of transparency in crypto hacks.
How did Coinbase respond to the 2025 data breach?
In response to the 2025 data leak, Coinbase implemented a comprehensive strategy to mitigate the damage, support affected users and strengthen its security infrastructure.
The main actions taken by Coinbase are:
- Refusal to pay the ransom: Coinbase rejected the $20 million ransom demanded by the attackers. Instead, the company established a $20 million reward fund for information leading to the arrest and conviction of those responsible.
- Customer reimbursement: The company set out to reimburse customers who were deceived into sending funds as a result of the breach. Remediation and reimbursement costs are between $180 million and $400 million.
- Identity theft protection services: The company provides one year of free credit monitoring and identity protection services to all affected individuals. This includes credit monitoring, a $1 million insurance reimbursement policy, identity restoration services, and dark web monitoring, which detects whether personal information appears on illicit online platforms.
- Improved customer protection: Affected accounts require additional ID verification for large withdrawals, along with mandatory scam-awareness prompts to prevent further social engineering attacks.
- Enhanced support operations: Coinbase is opening a new support hub in the United States. To prevent insider threats, it has implemented stronger security controls and monitoring across all locations.
- Law enforcement cooperation: The company is working closely with US and international law enforcement agencies. The insiders involved in the breach were terminated and referred for criminal prosecution.
- Transparency and communication: Coinbase notified affected customers promptly once the breach was identified. It provides ongoing updates on the steps being taken to address the breach.
These measures reflect Coinbase’s commitment to customer protection and a proactive approach to cybersecurity issues.
Did you know? Nomad Bridge, a crosschain bridge, lost $190 million in 2022 due to complex smart contract vulnerabilities. Such bridges are a favorite of hackers because they hold large amounts of crypto assets.
How to stay safe during a data breach like Coinbase’s
With massive data leaks at crypto platforms, users must take proactive measures to protect themselves from social engineering attacks.
Here’s how to stay safe during such an event:
- Do not share sensitive information with impersonators: Scammers often pose as support staff or security personnel after a breach. They may push you to move funds to a crypto wallet they share with you, or pressure you to disclose sensitive information under various pretexts. Do not share your password, two-factor authentication (2FA) codes or recovery phrases with them. Crypto exchanges do not ask you to move crypto to a “new” or “safe” wallet.
- Turn on wallet address allowlisting: Some exchanges offer this feature to restrict withdrawals to pre-approved wallets that you fully control. This prevents unauthorized transfers even if the account is compromised.
- Enable strong 2FA: For 2FA, use a hardware security key or a trusted authenticator app. Do not rely on SMS-based 2FA, which is vulnerable to SIM-swapping attacks.
- Be wary of unsolicited communication: If someone calls claiming to be from a crypto platform and asks for security credentials or asks you to transfer assets, hang up immediately. Do not respond with personal information to unknown texts or emails.
- Lock first, investigate later: If something feels suspicious, lock your account immediately via your app or platform and report the case to customer support through official channels.
- Stay informed: Regularly review security tips and updates from crypto services so you can recognize and avoid evolving scam tactics.