Following the recent Coinbase $400 million breach, it has been revealed that hackers gained unauthorized access to sensitive customer data as early as January.
A person familiar with the matter said the attackers had constant access by bribing customer service representatives, eventually demanding a $20 million ransom.
Culprits Bribed Foreign-Based Support Staff
According to a Bloomberg report, the perpetrators targeted employees and contractors based outside the United States who were part of Coinbase’s business process outsourcing operations.
By paying off a small group of insiders, they were able to get sensitive user information. The stolen data included names, birth dates, addresses, government-issued ID numbers, banking details, account balances, and creation dates. This information could be used to impersonate either Coinbase or its customers and potentially access other financial accounts.
“It’s a major breach, the amount of personal information shared is staggering,” said Mike Dudas, managing partner at web3 firm 6MV and a victim of the attack.
The source claimed that the hackers had access to user data since January, but Coinbase Chief Security Officer Philip Martin disputed this. He explained that once the firm was aware of the information sharing, permission was revoked, hence the culprits did not have constant access throughout the period.
However, he acknowledged that there were multiple bribery incidents, with Coinbase first detecting signs of suspicious activity from the support agents months before the May 11 ransom demand. Following this, the implicated agents were immediately quarantined and fired.
Details From the Breach
The exchange disclosed the situation to the public in a Thursday announcement. In a blog post, it revealed that less than 1% of monthly transacting users were affected by the incident. The attackers aimed to build a list of customers to impersonate Coinbase and trick users into handing over their crypto assets. When the $20 million ransom demand was rejected, the bad actors increased their extortion attempts.
The company clarified that login credentials, private keys, and Prime accounts were not compromised, and no customer wallets were accessed. In response to the breach, Coinbase has said it will reimburse any users who lost money and boost its internal security systems. It also announced plans to open a new U.S.-based customer support hub.
In addition, the firm launched a $20 million bounty for information leading to the attackers’ arrest, tagged stolen funds for recovery, and is working with authorities to pursue criminal charges against the involved insiders.
The incident adds to a growing list of cyberattacks targeting the industry. A recent report by Immunefi highlighted that crypto projects lost $92.5 million in April 2025 alone across 15 separate attacks. This figure is a 27.3% increase from the $72.6 million lost in April 2024, and more than double the $41.4 million recorded in March 2025.
The post Hackers Had Access to Coinbase Customer Data Since January: Report appeared first on CryptoPotato.
Insiders claim hackers had access since January, but Coinbase maintains their window was limited after detection of suspicious activity. AA News, Crypto News, Coinbase, Hacking, Hacks CryptoPotato
