Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on

What they got

• Name, address, phone, and email
• Masked Social Security (last 4 digits only)
• Masked bank‑account numbers and some bank account identifiers
• Government‑ID images (e.g., driver’s license, passport)
• Account data (balance snapshots and transaction history)
• Limited corporate data (including documents, training material, and communications available to support agents)

What they didn’t get

• Login credentials or 2FA codes
• Private keys
• Any ability to move or access customer funds
• Access to Coinbase Prime accounts
• Access to any Coinbase or Coinbase customer hot or cold wallets

How you can stay safe

Expect imposters. Scammers—related to this incident or not—may pose as Coinbase employees and try to pressure you into moving your funds. Remember, Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault or wallet. We will never call or text you to give you a new seed phrase or wallet address to move your funds to. If you receive this call, hang up the phone. Coinbase will never ask you to contact an unknown number to reach us.

In addition, here are a set of best practices:

• Turn on withdrawal allow‑listing —Only permit transfers to wallets that you are confident you fully control and where the seed phrase is secure and was not provided to you or shared with anyone.
• Enable strong 2FA —Hardware keys are best.
• Hang up on imposters —Coinbase will never ask for your password, 2FA codes, or to move funds to a “safe” wallet.
• Lock first, ask later —If something feels off, lock your account in‑app and email [[email protected]](mailto:[email protected]).
• Review our security tips on avoiding social engineering scams.

TL;DR Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks. These insiders abused their access to customer support systems to steal the account data for a small subset of customers.

No passwords, private keys, or funds were exposed and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker.

We’re cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack.

https://www.coinbase.com/blog/protecting-our-customers-standing-up-to-extortionists