- Coinbase Contractor Improperly Accessed ~30 Customer Data Without Authorization
- The informant was fired; Victims notified and offered identity theft protection services.
- The incident echoes the 2025 case in which cybercriminals bribed support agents to steal $400 million worth of customer data.
Coinbase has confirmed that it experienced an internal breach when a contractor accessed data of approximately 30 customers, without proper authorization.
“Last year, our security team detected that a single Coinbase contractor improperly accessed customer information, impacting a very small number of users (approximately 30),” a Coinbase spokesperson said. beepcomputer.
The company explained that the contractor was fired and affected people were notified and offered free identity theft protection services, in addition to reporting the incident to regulators.
Bribing contractors
Very little is currently known about this incident, but beepcomputer links it to screenshots that ransomware operators Scattered Lapsus Hunters (SLH) recently posted on their Telegram channel.
The screenshots, which were deleted shortly after being posted, allegedly showed Coinbase’s internal support interface, which contained sensitive information such as names, email addresses, dates of birth, phone numbers, KYC information, cryptocurrency wallet balances, and transactions.
It was also said that the screenshots could have been created by any other threat actor, making it highly unlikely that the fired contractor is a member of the infamous hacker collective. Instead, they could have been bribed to share the data, as happened last year.
In mid-May 2025, Coinbase said cybercriminals bribed overseas support agents to steal customer data in an incident that ended up costing the company $400 million. The hackers demanded Coinbase pay $20 million in ransom in exchange for the data, but that never happened. Instead, Coinbase offered a $20 million reward for any information leading to the arrest of the cybercriminals.
“Cybercriminals bribed and recruited a group of dishonest foreign support agents to steal Coinbase customer data and facilitate social engineering attacks,” the company said in a blog post.
“These experts abused their access to customer support systems to steal account data from a small subset of customers. No passwords, private keys, or funds were exposed and Coinbase Prime accounts are intact. We will refund customers who were tricked into sending funds to the attacker.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
