Coinbase data breach exposes 70,000 users, sparks KYC scrutiny

A significant data breach at Coinbase has compromised the personal information of nearly 70,000 users, intensifying discussions around the effectiveness of Know Your Customer (KYC) protocols in the cryptocurrency industry.
The breach, which occurred in December 2024 but was only discovered in May 2025, involved overseas customer support agents who were bribed to provide unauthorized access to sensitive customer data, Cointelegraph repotred.
Implications for the industry
The incident has prompted calls from industry experts and privacy advocates to reevaluate the necessity and implementation of KYC requirements, suggesting that such measures may inadvertently increase the risk of data breaches without significantly deterring illicit activities.
The compromised data includes names, addresses, phone numbers, email addresses, partial Social Security numbers, masked bank account numbers, government-issued ID images, and account transaction histories. While no passwords or private keys were accessed, the breach has raised concerns about the storage and security of personal information collected through KYC procedures.
In response to the breach, Coinbase has terminated the involved support agents, ceased operations with the implicated outsourcing firm, and implemented stricter security protocols. The company has also offered affected users one year of free credit monitoring and identity protection services.
How to change the rules
Some users advocate replacing traditional KYC procedures with modern innovations like zero-knowledge (ZK) technology. This approach enables one party to prove the validity of information without disclosing the underlying data. In theory, it could allow regulators to meet compliance standards while preserving users’ privacy.
As the cryptocurrency sector continues to grapple with security challenges, this breach underscores the need for a balanced approach to user verification that protects personal data while maintaining compliance with regulatory standards.
We wrote earlier that Coinbase faces another data breach lawsuit.