Coinbase breach affected about 70,000 customers

Coinbase’s 2024 customer-data breach is still being cited nearly a year later because the incident was larger and more specific than the shorthand descriptions often suggest. A May 23, 2026 TradingView News facts roundup said the breach affected about 70,000 customers and noted no newer company event had displaced it as the main recent fact attached to Coinbase. The figure traces back to disclosures made after Coinbase said criminals bribed a small group of overseas customer-support agents to copy data from internal support tools. Coinbase said the attackers later tried to extort the company for $20 million and that it refused to pay. ### Where does the 70,000 figure come from? The clearest public count was 69,461 affected users. That number appeared in a Maine breach filing cited by later coverage and is the basis for the “about 70,000” figure repeated in the May 23 TradingView item. (tradingview.com) TradingView’s May 23 roundup did not add new breach details, but it reaffirmed that the incident remains a reference point for Coinbase. (coinbase.com) The item paired the breach figure with a separate update on Coinbase’s use of Chainlink’s CCIP protocol. ### What did Coinbase say happened inside the company? Coinbase said criminals targeted customer-support agents overseas with cash offers. (tradingview.com) In the company’s account, a small group of insiders copied data from customer-support tools, giving attackers a list of customers they could contact while posing as Coinbase. The company said the compromised information involved less than 1% of Coinbase monthly transacting users. (tradingview.com) Coinbase framed the operation as a social-engineering and insider-assisted breach, not a theft of passwords or private keys from its core systems. ### What kind of data was exposed? Prior reporting on the incident said attackers obtained personal information used in account servicing and identity verification. (coinbase.com) That reporting said the stolen material included data that could help scammers impersonate Coinbase and target customers directly. Coinbase’s own post said the attackers’ aim was to build a customer list for follow-on fraud. (coinbase.com) The company said the extortion attempt was tied to that stolen customer information. ### When did Coinbase discover the breach? The timeline disclosed in later coverage said the breach occurred on Dec. 26, 2024, and was discovered on May 11, 2025. That gap became a focus of subsequent reporting and lawsuits because it meant the intrusion went undetected for months. (tradingview.com) Coinbase described the May 11, 2025 trigger as an unsolicited email from a threat actor claiming to possess customer data and demanding payment. (coinbase.com) The company then published its account of the incident and said it was standing up to the extortion attempt. ### Why is the breach still being mentioned now? TechNadu’s May 23, 2026 cybersecurity roundup placed Coinbase alongside other major cyber incidents in a week defined by law-enforcement actions, cybercrime disruption and legacy-system risk. (tradingview.com) That framing did not report a new Coinbase development, but it showed the breach still being used as a live example in broader security coverage. (tradingview.com) Coinbase’s current investor-relations page still lists its active SEC filings, and the company’s customer post about the extortion attempt remains publicly available. Those two records are the clearest places to track whether Coinbase adds fresh disclosures, legal updates or remediation details. (investor.coinbase.com) (tradingview.com)