Coinbase, the leading U.S.-based cryptocurrency exchange, has confirmed that 69,461 users were affected by a data breach that occurred in December 2024, according to a recent filing with the U.S. Securities and Exchange Commission (SEC). The breach, described as a “targeted phishing and social engineering attack”, compromised sensitive user information but reportedly did not result in unauthorized access to customer funds.
This marks one of the largest cybersecurity incidents disclosed by a major crypto platform in recent months, raising concerns over the growing risks to digital asset users.
Details of the Attack: Phishing and Social Engineering
According to the filing, the attackers gained access to internal Coinbase systems through a sophisticated phishing scheme that targeted employees. Once inside, the bad actors were able to obtain user data including names, email addresses, physical addresses, and partial bank details.
“The breach did not involve a failure in our core infrastructure or custody systems,” Coinbase clarified. “No customer funds were lost, and all impacted individuals were promptly notified.”
The company has since launched a comprehensive investigation and worked closely with law enforcement and cybersecurity experts to contain the fallout.
User Notification and Response Measures
Coinbase said it has already contacted all 69,461 affected users via email and postal mail, offering free credit monitoring and identity protection services. The exchange also implemented enhanced internal security protocols to prevent similar attacks in the future.
“We take data privacy and security extremely seriously,” Coinbase stated. “Our response team acted swiftly to contain the breach and protect impacted users.”
Cybersecurity in the Crypto Sector Under Scrutiny
This incident highlights the vulnerabilities facing centralized crypto platforms, even those with robust compliance frameworks like Coinbase. With the crypto industry increasingly under the spotlight from regulators and the public, any breach of this scale raises serious questions about platform security standards.
Security experts warn that phishing remains the most common vector for cyberattacks targeting both consumers and companies in the digital asset space.
Conclusion
The December 2024 Coinbase breach affecting nearly 70,000 users serves as a critical reminder of the ongoing cybersecurity threats in the crypto industry. While Coinbase’s quick response limited the damage, the incident underscores the need for stronger internal defenses and user education against phishing and social engineering.
As the crypto sector matures, trust and security will remain top priorities — especially for publicly traded platforms like Coinbase.