Coinbase’s Latest Data Breach Raises New Concerns Over Security Practices
Coinbase disclosed on May 15, 2025 that it suffered another significant security breach, acknowledging that certain of its customer support agents were bribed to disclose confidential customer information in December 2024. The improperly disclosed information permitted the recipients of the wrongfully disclosed information to impersonate Coinbase customer support and steal Coinbase customers’ cryptocurrency. While Coinbase’s most recent data breach disclosure was made in May 2025, more than five months after the breach, it has been reported the Coinbase may have been aware of the breach as early as January 2025.
Key details about this most recent Coinbase security breach are conspicuously absent. In a video statement, Coinbase’s CEO acknowledged the breach but failed to provide basic information such as the dates or timeframes when the breach occurred or the number of customers affected. This lack of transparency is highly unusual. In in previous incidents, Coinbase disclosed the specific periods and scope of a breach. The omission raises serious concerns, including whether Coinbase even knows the full extent of the breach and the universe of affected customers. We suspect the company may be struggling to identify how many users were impacted, and whether additional customer support agents have been compromised. This could mean that the number of victims is far greater than Coinbase is acknowledging.
At DKR, we represent numerous Coinbase customers who have lost significant sums of cryptocurrency due to Coinbase customer support scam and other cybersecurity lapses. Our firms’ clients’ experiences suggest that Coinbase suffers from systemic security deficiencies. We believe that Coinbase’s most recent security breach further validates the cases our law firm has filed
This is not Coinbase’s first brush with serious compliance and security issues. In 2023, the State of New York fined Coinbase $50 million following after finding that Coinbase’s compliance and cybersecurity measures were insufficient.
As a law firm focused on digital asset theft and data breaches, DKR is committed to holding Coinbase accountable. We are vigorously prosecuting claims on behalf of victims and expect to file additional cases in the coming weeks and months. If you are a Coinbase customer who believes you may have been affected by this latest breach—or any previous or subsequent incident—we encourage you to reach out to discuss your legal options.
