Background of Coinbase’s May 2025 breach
Coinbase, America’s largest cryptocurrency exchange, received an unsolicited email from an unknown threat actor on May 11, 2025. They claimed to possess sensitive information about its customers and demanded a ransom of $20 million.
Before examining the breach, it is interesting to understand how it happened at a public company that spends millions monthly on cybersecurity. In February, blockchain investigator ZachXBT reported increased thefts involving Coinbase users. He blamed aggressive risk models and pointed out Coinbase’s failure to prevent $300 million in yearly losses from social engineering scams.
A table ZachXBT shared on X showed $65 million stolen from users between December 2024 and January 2025. He also said the real losses could be higher, as his data only came from his direct messages about onchain thefts, and excluded Coinbase support tickets and police reports he couldn’t access.
The