A new regulatory filing with the Office of the Maine Attorney General has quantified the impact of Coinbase’s data breach, revealing that 69,461 users had their sensitive information—including home addresses and phone numbers—stolen. The disclosure provides the first precise count of affected accounts, far exceeding earlier vague estimates.
Insider Wrongdoing: Hackers Bribed Customer Support Staff
According to the filing, the breach occurred on December 26, 2024, when attackers bribed overseas Coinbase customer support employees to gain access to user records. The hackers subsequently demanded $20 million in exchange for not publicly releasing the stolen data, a demand Coinbase firmly rejected. The company officially discovered the intrusion on May 11, 2025, attributing it to “insider wrongdoing.”
Scope of the Breach: 217 Maine Residents Among Victims
Of the total 69,461 compromised accounts, 217 belong to residents of Maine. Under state law, Coinbase was required to file a detailed report with the Maine Attorney General, including a template of the notification letter sent to affected users. The letter, submitted by outside counsel from Latham & Watkins LLP, urges users to be vigilant against phishing attacks and identity theft, and offers free credit monitoring services.
Industry Implications and Past Incidents
This is not Coinbase’s first security incident. In 2021, the exchange suffered account takeovers due to phishing attacks. The latest breach underscores the inherent risk of centralized exchanges holding vast amounts of user personal data. Analysts warn that while Coinbase has strengthened security measures, the vulnerability of internal employee bribery remains a tough challenge. Following the news, Coinbase shares fell approximately 2% in after-hours trading, reflecting investor concerns over user trust erosion.
As of press time, Coinbase has not released additional details about compensation plans or further investigation steps. However, the company stated in its notification that it immediately revoked the involved employees’ access and is cooperating with law enforcement on a criminal probe. While user account funds remain secure, the exposure of personal data could lead to long-term social engineering attacks.

