Coinbase disclosed a data breach affecting 69,461 users that occurred on December 26, 2024, and was not discovered until May 11, 2025. The breach allowed hackers full access to sensitive personal information, including Know Your Customer (KYC) data, which exposed users to risks such as phishing scams and potential physical attacks. Reports indicate that some Coinbase employees accepted bribes to provide user data to hackers, who subsequently demanded a $20 million ransom. Despite the breach, Coinbase confirmed that no user funds were lost. The incident has drawn scrutiny from the U.S. Department of Justice, which is investigating the matter. The breach was formally reported in a filing with the Maine Attorney General's office, and Coinbase has faced criticism for the delay in disclosing the incident.