Coinbase Breach by Bribery
So, What Exactly Happened?
In early 2025, Coinbase revealed it had been the target of a sophisticated breach, not through advanced hacking, but through something much simpler: bribery. Hackers specifically targeted overseas support agents, offering money in exchange for access to internal systems the agents used every day to help customers. With internal access, the attackers were able to obtain a wide range of data, including:
Personal Information: Names, addresses, phone numbers, and email addresses.
Sensitive Information: Government ID images, masked bank account details, and masked Social Security numbers (last 4 digits only).
What Was the Impact?
It has been reported that less than 1% of Coinbase’s monthly users were affected. Using internal access, the attackers launched targeted scams, impersonating Coinbase to trick users into handing over their cryptocurrency. The attackers then tried to extort Coinbase for $20 million in exchange for not leaking the compromised customer data. Coinbase refused the demand.
What Likely Went Wrong
Here are some of the likely issues that made this kind of attack successful:
Lack of Insider Threat Awareness: Employees may not have received proper training to spot social engineering attempts like bribery.
Overprivileged Access: If an employee has access to sensitive data they don’t need for their daily job, that access becomes a golden ticket for attackers. It’s possible the bribed staff had more privileges than they should have.
How Could This Have Been Prevented?
Here are some things that companies can do to reduce the likelihood and risk of insider threats:
Implement employee training: Employees should be regularly trained to recognize bribery attempts, phishing, and other manipulative tactics.
Implement least privilege: Only give employees the access they absolutely need. If someone working in support doesn’t need a certain level of access, don’t give it to them “just in case.”
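One way to look for overprivileged support access, as an added example (not from the original post and not Coinbase's tooling): compare the sensitive permissions each support role is granted with the ones actually exercised against a ticket, and list sensitive reads that have no ticket behind them. All role names, permission names, and log records below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; role names, permission names and log fields are
# hypothetical and do not describe any real company's systems.
ROLE_GRANTS = {
    "support_tier1": {"view_contact_info", "view_masked_bank", "view_gov_id", "reset_2fa"},
    "support_tier2": {"view_contact_info", "view_masked_bank", "view_gov_id", "view_masked_ssn"},
}
SENSITIVE = {"view_gov_id", "view_masked_bank", "view_masked_ssn"}
AGENT_ROLES = {"agent_a": "support_tier1", "agent_b": "support_tier1", "agent_c": "support_tier2"}

# (agent, permission exercised, linked support ticket or None)
ACCESS_LOG = [
    ("agent_a", "view_contact_info", "T-100"),
    ("agent_a", "reset_2fa", "T-100"),
    ("agent_b", "view_contact_info", "T-101"),
    ("agent_b", "view_gov_id", None),
    ("agent_b", "view_masked_bank", None),
    ("agent_c", "view_gov_id", "T-102"),
    ("agent_c", "view_masked_ssn", "T-102"),
]

def unused_sensitive_grants(role_grants, agent_roles, log, sensitive):
    """Per role, sensitive permissions granted but never used on a ticket.

    These are candidates for removal from the role (least privilege).
    """
    justified = defaultdict(set)
    for agent, perm, ticket in log:
        if ticket is not None:
            justified[agent_roles[agent]].add(perm)
    return {role: sorted((grants & sensitive) - justified[role])
            for role, grants in role_grants.items()}

def unticketed_sensitive_access(log, sensitive):
    """Sensitive reads with no linked ticket: candidates for manual review."""
    return [(agent, perm) for agent, perm, ticket in log
            if perm in sensitive and ticket is None]

if __name__ == "__main__":
    print(unused_sensitive_grants(ROLE_GRANTS, AGENT_ROLES, ACCESS_LOG, SENSITIVE))
    print(unticketed_sensitive_access(ACCESS_LOG, SENSITIVE))
```

A real review would run this over a long enough log window that rarely needed permissions are not removed by mistake.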
Final Thoughts
Throughout my journey studying cybersecurity and penetration testing, I’ve spent a lot of time learning about technical vulnerabilities, misconfigurations, and privilege escalation paths. But this breach was eye-opening, revealing that human vulnerabilities are just as real, and just as dangerous. What I’ve learned is that even the most secure systems can be compromised if trust is placed in the wrong hands, or if insider access isn’t properly controlled.