// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Coinbase Global Inc.
Breach Record

Coinbase Global Inc.

DISCLOSED 2025-05-15 · INSIDER

Coinbase disclosed that hackers bribed contractors or employees outside the US to steal sensitive customer data. The attackers demanded a $20 million ransom. This incident highlights the risk of insider threats in the cryptocurrency sector.

The record

What we know

Disclosed
2025-05-15
Attack vector
Insider
Sector
cryptocurrency
Country
US
Domain
coinbase.com
Data classes exposed
sensitive customer data
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · no · opinion

A positive-security model would not prevent data exfiltration by insiders with legitimate access, as the attack relied on bribed employees rather than unauthorized code execution.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other insider breaches on file

This page is the permanent ColdRecon entry for the Coinbase Global Inc. disclosure. It updates if new public reporting emerges. All tracked breaches →

Coinbase Global Inc. just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →