The Coinbase Breach Explained: Insider Social Engineering Attack

Coinbase is not a company that cuts corners on security. They have a dedicated security team, world-class infrastructure, and the kind of compliance apparatus that comes with being publicly listed on NASDAQ and joining the S&P 500. None of it mattered. Because in late 2024, an attacker didn't try to break in. They simply walked up to the side door — the offshore customer support team — and offered someone cash to open it. This is the Coinbase breach. And it's one of the most important security case studies any business leader could study in 2025, because the lesson has nothing to do with code. What Actually Happened — The Full Timeline The breach started on December 26, 2024. Attackers — working through methods still under investigation — identified and contacted customer support agents working for Coinbase's outsourced support operations, primarily based in India. They offered cash to those agents in exchange for accessing and exporting customer data from Coinbase's internal suppo