How to Protect Your Crypto After the Coinbase Breach | McAfee Blog

In a significant security incident, Coinbase, a leading cryptocurrency trading platform, recently disclosed a data breach impacting nearly 70,000 users. This breach, attributed to “insider wrongdoing,” exposed sensitive personal information. This post details how the breach occurred, what data was compromised, and, most importantly, provides crucial steps you can take to protect yourself from potential follow-on attacks and identity theft.

This comprehensive guide will delve into the specifics of this breach: how the “insider wrongdoing” facilitated the attack, precisely what information was exposed, and the immediate, actionable steps you can take to safeguard your digital assets and personal identity in the wake of this incident.

What Happened in the Coinbase Breach?

According to a filing with the Office of the Maine Attorney General, which mandates public disclosure for such incidents, a total of 69,461 individuals were affected by this breach. The incident itself occurred on December 26, 2024, though the first signs of the compromise were only detected on May 11, 2025. This timeline is not uncommon for data breaches, as it can often take months for criminal activity to be fully uncovered.

Coinbase’s official statement details the progression of the breach:

Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up.

In a firm stance against such criminal activity, Coinbase has publicly refused to pay the ransom. Instead, the company has established a substantial $20 million reward fund, offering it for information that leads to the arrest and conviction of the attackers responsible.

What Information Was Stolen in the Coinbase Data Breach?

The attackers gained access to a range of sensitive user data. According to Coinbase, the compromised information includes:

• Personal Identifiers: Names, physical addresses, phone numbers, and email addresses.
• Financial Data (Masked): Masked Social Security numbers (last 4 digits only) and masked bank account numbers, along with some bank account identifiers.
• Identity Documents: Images of government-issued IDs (e.g., driver’s licenses, passports).
• Account Activity: Snapshots of account balances and transaction history.
• Limited Corporate Data: Documents, training materials, and communications accessible to support agents.

Crucially, Coinbase has confirmed that the attackers did not gain access to the following critical elements:

• Login credentials or two-factor authentication (2FA) codes.
• Private keys associated with user wallets.
• Any direct ability to move or access customer funds.
• Access to “Coinbase Prime” accounts.
• Access to any Coinbase or Coinbase customer hot or cold wallets.

What is Coinbase Doing About the Breach of Customer Information?

To summarize the company’s own words, they’re “protecting their customers and standing up to extortionists” by taking several steps. Highlights of their response include:

• Affected Account Holder Notifications: Email notifications were dispatched to all affected account holders on May 15, 2025. Furthermore, “flagged accounts now require additional ID checks on large withdrawals and include mandatory scam-awareness prompts.”
• Enhanced Defenses: The company is significantly increasing its investment in insider-threat detection and automated response systems. They are also “simulating similar security threats to find failure points in any internal system.”
• Securing Support Operations: Coinbase plans to open a new support hub within the U.S. and implement “stronger security controls and monitoring across all locations.”

Additionally, Coinbase is actively collaborating with law enforcement agencies and intends to pursue criminal charges against the insiders involved, who were reportedly terminated immediately upon discovery of their involvement.

What Will Scammers Do With the Stolen Coinbase Information?

For one, the people holding the stolen data apparently attempted to extort the company—a ransom that the company says it will not pay, as covered above. With that, there’s the possibility the people involved might turn to other buyers or release the info on the dark web, whether for sale or for free.
As with any breach, expect follow-on scams in the wake of this breach, as a potential wave of scammers might pose as Coinbase employees. Some might use the stolen info to make the scam sound more credible, some might not. Regardless, this attack calls for extra vigilance on the part of Coinbase users and crypto holders in general.
Coinbase offered specific guidance for its users, which we’ll add to—all so Coinbase users and crypto traders in general can stay safer.

Coinbase suggests:

• Turn on withdrawal allow listing —Only permit transfers to wallets that you are confident you fully control and where the seed phrase is secure and was not provided to you or shared with anyone.
• Enable strong two-factor authentication —Hardware keys are best.
• Hang up on imposters —Coinbase will never ask for your password, 2FA codes, or to move funds to a “safe” wallet.
• Lock first, ask later —If something feels off, lock your account in-app and email security@coinbase.com.

McAfee’s Essential Safeguards

Beyond Coinbase’s advice, McAfee offers robust solutions to further protect yourself:

Protect yourself from scammers

• McAfee Scam Detector: Our advanced Scam Detector technology is designed to identify and block scams across text messages, emails, and videos. This is particularly crucial after a breach, as scammers might send bogus “account alerts” with links to phishing sites. Scam Detector automatically detects these threats and blocks risky links, even if you accidentally click them.

• Reduce Your Digital Footprint: Limit the amount of personal information available to scammers. The more details they have about you, the more credible their phishing attempts can appear.

• McAfee Personal Data Cleanup: Many scammers gather information from data broker sites. Our Personal Data Cleanup service scans the riskiest data broker sites, identifies where your personal information is being sold, and, depending on your McAfee+ plan, can help you remove it.

• McAfee Social Privacy Manager: Social media platforms are notorious for being a source of personal information for scammers. McAfee Social Privacy Manager allows you to adjust over 100 privacy settings across your social media accounts in just a few clicks, significantly enhancing your online privacy.

These features are all included in our comprehensive McAfee+ plans.

How to Protect Yourself from Identity Theft

Follow-on attacks after data breaches often involve identity theft. With pieces of personal info that they can puzzle together, thieves then try to open new accounts, lines of credit, and so forth in someone else’s name. Protection like the following, also included in our McAfee+ plans, can keep you safer.

Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. Meanwhile, Security Freeze can prevent unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name.

And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

Additionally, Identity Monitoring scans the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. It helps keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.

The Coinbase data breach serves as a stark reminder of the persistent threats in the digital world. While Coinbase is taking steps to address the breach, proactive personal security measures are paramount. By implementing the recommendations from both Coinbase and McAfee, you can significantly reduce your risk of falling victim to scams and identity theft. Stay vigilant, secure your accounts, and protect your digital life.