The cryptocurrency market began to rejoice as Bitcoin’s price went back above $100,000 and altcoins finally turned green, only to be hit by the news of Coinbase’s (COIN +9.77%) data breach.
On Thursday, the largest US crypto exchange reported that cybercriminals had compromised the data of about 1% of Coinbase’s users. The criminals bribed the company’s overseas support agents to steal customer data for social engineering attacks.
The data compromised includes name, address, phone, email, last four digits of social security, bank‑account numbers, and some bank account identifiers, government ID images, and account data, which includes balance snapshots and transaction history.
This incident, as per Coinbase estimates, may cost it anywhere between $180 million to $400 million to fix.
“It sucks but when we see a problem like this we want to own it and make it right, and that’s what we’re doing.”
– Coinbase’s Chief Security Officer, Philip Martin, in an interview with Fortune
In its official detailing of the incident, the crypto exchange operator noted that it was an extortion attempt.
What went down was that criminals targeted Coinbase’s overseas support staff and bribed a small group of them with cash to copy data from its customer support tools. The data was then used to contact the victims while pretending to be Coinbase and tricking them into handing over their crypto assets. According to the exchange:
“These insiders abused their access to customer support systems to steal the account data for a small subset of customers. No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched. We will reimburse customers who were tricked into sending funds to the attacker.”
Criminals then made an attempt to extort Coinbase for $20 million, as per the report.
The Failed Extortion Attempt
In a filing with the Securities and Exchange Commission (SEC), Coinbase reported receiving an email from an unknown threat actor on May 11 claiming to have information about certain customer accounts and other internal documentation, such as account management systems.
The email demanded money in exchange for not publicly disclosing the details of the data theft. Coinbase said it didn’t give in to the demand; rather than paying the million-dollar ransom, the company has established a $20 million reward fund for information leading to the attackers’ arrest and conviction. The company said the following in the blog:
“Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident. We’re cooperating closely with law enforcement to pursue the harshest penalties possible.”
Coinbase has already notified the affected customers and promised to reimburse those who were tricked and mistakenly sent funds to the scammer as a result of the social engineering attacks. The exchange is working with industry partners to trace stolen funds and help them recover. The accounts flagged by the exchange will now go through additional ID checks on large withdrawals.
To secure its operations, the company has also announced a new support hub in the US and is adding stronger security controls and monitoring across all locations.
The filing reveals that the breach was detected by Coinbase independently a few months ago, and insiders were fired immediately before being referred to law enforcement. Criminal charges will also be pressed.
Ari Redbord, the global head of policy at blockchain analytics firm TRM Labs, which helps law enforcement investigate crypto fraud, called the way Coinbase handled the incident “a really great example to other businesses of how to handle” exchange hacks.
The crypto industry, he noted at a panel at Consensus 2025, is “the perfect storm of weak cyber controls and ultimately it’s a good target.” Just earlier this year, Bybit was hacked for $1.5 billion.
Redford believes the answer may lie in more regulatory involvement. “There’s a lot we can do with governments in order to go after these bad actors that have nothing to do with crypto or blockchain intelligence,” he said.
Industry Blasts Coinbase, KYC Under Fire
The broad crypto industry is angry about the incident and censured Coinbase for following unsafe practices to handle user data and sitting on the breach for months on end, as unusual activity was first observed by the exchange back in January.
This may, however, as Bo Pei, an analyst at U.S. Tiger Securities noted, “push the industry to adopt stricter employee vetting and introduce some reputational risks.”
Many from CT (Crypto Twitter) pointed out the harmful effects of KYC (Know Your Customer), as such an incident isn’t exclusive to Coinbase but rather a much bigger problem that affects the broad crypto sector and goes far beyond.
Data breaches exposed over 422 million records worldwide in the third quarter of 2024 alone, as per Statista. According to Lefteris Karapetsas, founder of Rotkiapp, on X:
“Coinbase just proved again why centralized data honeypots are a disaster waiting to happen. KYC means handing over your identity to be leaked, sold, or extorted.”
He further pointed out how “lethal” the combination of data exposed here is, which comes just days after a daylight kidnapping attempt of a French crypto exchange co-founder‘s family. This marked the sixth crypto-related attack in France this year.
“Minimize the data you share with centralized tools. Store as much as you can locally. Always ask yourself what data am I giving and to whom? Remove the need for trust.”
– Karapetsas
Evgeny Gaevoy, the CEO of the market-making firm Wintermute, also took to X to talk about “the dark side” of the KYC.
“Making life marginally convenient for law enforcement and geopolitical games, while sacrificing our privacy, imposing a massive tax on pretty much all businesses, and making it easier for criminals to rob, kidnap, and do crime.”
– Gaevoy
Watershed Moment Ahead
The announcement of the Coinbase (COIN +9.77%) customer data breach sent the prices of the exchange stock down by 7.5%, only to recover completely today.
Coinbase Global, Inc. (COIN +9.77%)
As of writing, the $67.7 billion market cap company’s shares are trading at $265.75, up 6.41% so far this year and more than 85% from its April low. With that, its EPS (TTM) is 5.37, the P/E (TTM) is 49.52, and ROE (TTM) is 15.83%.
Besides the crypto market-wide recovery, COIN prices have also been supported by the news that it will gain entry into the benchmark S&P 500 stock index. This will take effect next week.
Founded in 2012 by Brian Armstrong and Fred Ehrsam, Coinbase became a publicly listed company during the last bull market in April 2021.
Now, it is all set to become the first crypto company to join the S&P 500 index, the world’s most influential stock market index that tracks the market performance of 500 of the largest publicly traded companies in the US. With this addition on May 19, COIN can potentially get exposure to a broader investor base and be included in funds that track the benchmark.
“The S&P 500 is a magnet for institutional capital and the bedrock of American retirement portfolios. This is a historic day for Coinbase and for the entire crypto industry.”
– Coinbase President Emilie Choi on X
According to Bernstein’s estimates, this move could generate as much as $16 billion in purchases from both active and passive funds backed by the index.
Coinbase is the “first and only crypto company to join the S&P 500,” wrote analysts led by Gautam Chhugani, who has an outperform rating on its shares with a price target of $310, which puts another upside of 17% from the current prices.
COIN will be replacing Discover Financial Services (DFS +0.44%), which got the approval of banking regulators to be acquired by Capital One (COF +0.19%) in a $35.3 billion deal.
Coinbase’s addition to the benchmark, the investment bank KBW believes, could open the way for other crypto firms to join the index.
Not Without Disturbances
In order to join the S&P 500, a company needs to report positive earnings in its latest quarter and over the sum of the prior four quarters, among other things.
Last week, the company reported net income of $66 million for Q1 of 2025. The company’s revenue for the period was $2 billion, which was a decrease of 10% from the previous quarter. Its transaction revenue also took a hit of 19% to $1.3 billion, while subscription and services revenue grew 9% to about $700 million.
Stablecoins are contributing the most to the company’s revenue after trading, surging 50% in 1Q25 from a year ago in the same quarter and 32% from the previous quarter.
Coinbase is the co-founder of the largest stablecoin by market cap of $60.6 billion, second to the $151.1 billion market cap Tether (USDT). The company aims to become the top stablecoin, with Armstrong saying:
“If you can get shared economics, I don’t see why we wouldn’t see more of these banks partnering with USDC.”
The exchange has a 50% revenue-sharing agreement with USDC issuer Circle. During this period, the exchange also launched new offerings like Bitcoin-backed USDC loans.
Amidst all this, Coinbase is being investigated by the US Securities and Exchange Commission (SEC) again. The exchange had only just gotten reprieve from SEC charges for allegedly failing to register with it for selling unregistered securities and offering staking activities. Now, it is back under the agency’s scrutiny.
This time, the securities regulator is investigating whether the exchange misrepresented its user numbers. While Reuters sources claim that the SEC is also looking into the lack of adequate KYC compliance, Coinbase spokesperson has denied such probing about KYC and Bank Secrecy Act rules.
While the other lawsuit has been dropped by the SEC, the agency continues to inquire into its “verified user” metric.
The investigation is regarding a metric that Coinbase used in marketing materials and included in securities filings. As per that, the company claimed to have over 100 million “verified users,” a data point which appeared in its original public offering document, but Coinbase stopped citing it a couple years after that.
“This is a hold-over investigation from the prior administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public. While we strongly believe this investigation should not continue, we remain committed to working with the SEC to bring this matter to a close.”
– Coinbase’s chief legal officer, Paul Grewal
Ready for Expansion with Global Ambitions
With 10 million active users and $400 billion in assets under management (AUM), Coinbase boasts over a 65% market share of US crypto exchange space.
While largest in the US, Coinbase has a smaller share of the global market and the exchange wants to change that with the recent acquisition of the world’s largest crypto options platform, Deribit, for a whopping $2.9 billion.
This move can help Coinbase gain traction in other regions around the world, where Binance has created a strong presence. So, the derivatives platform will allow it to better compete with Binance, which offers spot, futures, and options trading.
The acquisition will not only be a “game changer” for Coinbase’s international expansion plans, but it will also immediately diversify its revenue and boost profitability.
Deribit has a “consistent track record” and last year, it facilitated over $1 trillion in trading volume and boasts about $30 billion in open interest.
“We’ve built a strong, profitable business, and this acquisition will accelerate the foundation we laid while providing traders with even more opportunities across spot, futures, perpetuals, and options – all under one trusted brand. Together with Coinbase, we’re set to shape the future of the global crypto derivatives market.”
– Deribit CEO Luuk Strijers in a statement
This is just the beginning as going forward, the company will continue to look for merger and acquisition opportunities. Its $9.9 billion in USD resources (cash and cash equivalents and USDC) shows that Coinbase does have the bandwidth to pull such moves if opportunities come.
“Part of the benefit of being a public company is, you have a liquid currency to do that,” said Armstrong on Bloomberg Television. “We are looking at acquisition opportunities; doesn’t mean we swing at every pitch. We want it to be the right opportunity,” which means companies that help accelerate their product development and growth.
Coinbase also made acquisitions this year, such as Spindl and Iron Fish, to enhance its L2 Base’s capabilities in usability and privacy.
The Big Bet
As we noted, Coinbase is overall having a marvellous time except for the data breach casting a dark shadow over the positive developments.
While only a “small subset” of Coinbase customers are affected, it is no small thing given the severity of the exposed data and the danger the victims are facing as a result. The market, however, seems to have already shaken it off, with at least COIN prices back on the rise.
The exchange is currently preparing for its big day of joining the coveted S&P 500 index, further solidifying its position in the US financial system against the bullish backdrop of BTC’s price above $100K, spot Bitcoin ETFs garnering tremendous institutional interest, and regulatory clarity under the crypto-friendly Trump administration. Coinbase’s focus is now on bigger and better things ahead.
According to Armstrong, that doesn’t involve entering traditional finance (TradFi) as that would be looking backwards. According to him, asset classes like real estate, securities, debt, and money market funds, all are actually “coming on chain.”
So, Coinbase will look forward and “skate to where this opportunity is going.” For the next 5-10 years, the goal is to become “the number one financial services app in the world” for retail, small—and medium-sized businesses, institutions, and developers, with a focus on trading and payments.
Click here to learn if Coinbase really is the best crypto trading platform.