Emma Newbery, The Motley Fool

Wed, May 21, 2025, 6:05 AM5 min read

• Coinbase says that losses from the security breach could run between $180 million and $400 million.

• Hackers accessed personal data, including names, addresses, and masked bank account details.

• Cryptocurrency exchanges don't offer the same level of consumer protection as banks and brokerages.

• 10 stocks we like better than Coinbase Global ›

Last week, Coinbase (NASDAQ: COIN) told customers about a security breach in which criminals accessed personal data from around 1% of its monthly transacting users. The popular cryptocurrency exchange estimates the hack could cost it between $180 million and $400 million, per its May 14 SEC filing.

The hackers bribed Coinbase employees abroad so they could access user information on its internal systems. They then demanded a $20 million ransom from Coinbase, which the company refused to pay. Instead, it offered the money as a reward for information that helped to catch the criminals.

Coinbase says it informed all affected users by email and committed to reimbursing any losses. While the criminals didn't access sensitive data such as passwords, 2FA, or cryptocurrency keys, they did get their hands on significant amounts of personal data. That includes names and addresses, as well as masked Social Security numbers and bank account details.

This gives the hackers enough information to mount targeted social engineering attacks. These can be sophisticated schemes in which criminals use your information to trick you into giving up security codes, logging on to fake sites, or transferring money. For example, they might pose as Coinbase representatives and tell customers to move crypto into a so-called "safe" account.

According to The Block, Coinbase had around 9.7 million monthly transacting users. That means hackers could have accessed the data from around 97,000 users.

Coinbase says it will cover any customer losses that result from the hack. It promised to introduce stricter anti-fraud protections, strengthen its security controls, and open a support hub in the U.S. It also fired the employees involved in the incident. However, the attack raises questions about the safety of funds on crypto exchanges.

Indeed, banks can also get hacked. It happened to Santander in Spain last year. Cyberattacks are an unfortunate part of modern living. Even so, banks generally have better security and more consumer protections. Coinbase is choosing to make clients whole, but it doesn't have to.