Coinbase just had a massive insider data breach that turned into a $16M phishing operation.
Here's what actually went down:
A 23-year-old got charged by Brooklyn DA in December 2025 for running a crypto phishing scam — but this wasn't your typical "click this link" nonsense. This was powered by insider theft.
Coinbase data handlers allegedly took bribes to sell customer data. We're talking historical balances, wallet addresses, contact details — the whole package that makes phishing actually work.
The attackers then tried to extort Coinbase for $20M to keep quiet about the breach.
Coinbase's response? Hard no. They flipped it and put up a $20M bounty on the attackers instead.
The takeaway: Even at a publicly traded exchange with compliance teams and security protocols, your data can get sold from the inside. Nothing is truly safe when humans are the weakest link.
This is why I'm paranoid about KYC data sitting in databases everywhere. One bribed employee and your entire crypto footprint is for sale.
Here's what actually went down:
A 23-year-old got charged by Brooklyn DA in December 2025 for running a crypto phishing scam — but this wasn't your typical "click this link" nonsense. This was powered by insider theft.
Coinbase data handlers allegedly took bribes to sell customer data. We're talking historical balances, wallet addresses, contact details — the whole package that makes phishing actually work.
The attackers then tried to extort Coinbase for $20M to keep quiet about the breach.
Coinbase's response? Hard no. They flipped it and put up a $20M bounty on the attackers instead.
The takeaway: Even at a publicly traded exchange with compliance teams and security protocols, your data can get sold from the inside. Nothing is truly safe when humans are the weakest link.
This is why I'm paranoid about KYC data sitting in databases everywhere. One bribed employee and your entire crypto footprint is for sale.