How 'The World's Safest Exchange' Was Compromised

No funds were directly stolen from Coinbase customer accounts, but the company could end up being on the hook for hundreds of millions in remediation and customer reimbursement costs.

More importantly, the details behind this security breach underscore recent comments made by Binance CEO Richard Teng, regarding the prevalence of complex cybersecurity threats, and his approach to fighting back against this threat.


As Teng put it, "We've seen a rise in increasingly sophisticated scams. That's why we've strengthened both our technical defenses and user awareness efforts." He continued by explaining, "The first layer is our responsibility: firewalls, detection systems, AI threat modeling. But the second layer is just as critical: users must know how to secure their wallets, use 2FA, and avoid phishing attempts."

In light of recent events, Coinbase (not to mention its competitors) may want to follow suit with an approach similar to that of cyber safety at Binance.

2025 Coinbase Hack: What Happened

The recent Coinbase security breach may come as a surprise to many, given how the platform has for years carried a reputation of being "the world's safest exchange." The US-based exchange had built this reputation by having a deep regulatory moat, spending far more than most rivals on security (as much as 15% of its annual operating expenses), as well as by utilizing cold storage to protect customer assets.

Nevertheless, despite this heavy focus on security and fraud-prevention processes and technology, Coinbase had one vulnerability that attackers could readily exploit: the exchange's customer support staff, made up of contractors located overseas. The instigators of this security breach didn't need to "hack" into Coinbase's network; all they had to do was bribe the support staff.

As reported on May 15, that's what they did. Obtaining personally identifiable information (PII) like names, addresses, and social security numbers belonging to a portion of Coinbase's customer base, the cyberattackers then proceeded with a ransom and extortion attempt to monetize this data.

Through an email, the cyberattackers threatened to release the stolen data unless they received $20 million. However, instead of giving in to the threat, Coinbase's management reported the incident to law enforcement and fired the compromised contractors.

Key Lesson Learned for Coinbase and its Competitors

Coinbase didn't give in to the ransom demand, and no customer assets were stolen in this cyberattack. However, the incident is not without potential financial costs. As this data could be used for phishing and SIM-swap scams, customers whose personal information was compromised remain at risk.

Because Coinbase has promised to cover any financial losses related to this incident, including losses from such attacks, the total cost to the company is expected to come in between $180 million and $400 million, per figures in the aforementioned Reuters article.

The larger loss for Coinbase, however, is the potentially severe hit to the company's reputation as one of the "safer" cryptocurrency trading platforms. Coinbase, not to mention its many rivals, has a key lesson to learn from this incident: "safety" is relative, and it goes beyond cybersecurity infrastructure and practices. Third-party and insider risk must be adequately accounted for as well.

There's Already a Security Stack to Follow

As the aforementioned quote from Binance CEO Richard Teng put it, crypto cyberattacks are getting more sophisticated. The attackers know that the outright theft of coins from exchanges is more difficult than ever, so they've found a new low-hanging fruit: highly valuable, sensitive customer information, which is easier to obtain through bribery and social engineering than through a technical intrusion.

Coinbase lacked adequate protocols to counter this risk. As seen from the recent thwarting of a similar attack by Binance and Kraken, there are security approaches that are proven to counter this new and sophisticated threat.
