Dark Web News Analysis: Over 6 Million Coinbase User Records on Sale
A database allegedly containing the personal information of over six million users of the cryptocurrency exchange Coinbase is being offered for sale on a hacker forum for $5,000. The seller is attempting to create scarcity and urgency by offering only three copies of the data. A breach of one of the world’s largest and best-known cryptocurrency exchanges is a critical security event that puts a massive number of investors at high risk. The compromised data reportedly includes:
- User PII: Full names, email addresses, phone numbers, physical addresses, and dates of birth.
- Record Count: Over 6 million Coinbase users.
Key Cybersecurity Insights
A database of verified cryptocurrency owners from a top-tier exchange is one of the most valuable and dangerous datasets on the cybercriminal underground.
- A Massive “Hit List” of Cryptocurrency Owners: A verified list of over 6 million users from a major exchange like Coinbase is an invaluable asset for criminals. This is effectively a “hit list” that will be used globally to orchestrate highly targeted attacks—including sophisticated phishing, SIM swapping, and social engineering—with the direct goal of stealing cryptocurrency from user accounts.
- Extreme Risk of Physical Extortion and “Wrench” Attacks: As with any breach that links cryptocurrency ownership to a physical home address, this leak creates a severe risk of real-world harm. Criminals are known to use this type of data to target users for home invasions, kidnapping, or direct extortion (a “$5 wrench attack”) to physically coerce victims into handing over their crypto assets.
- A Severe Blow to Trust for a Publicly Traded Crypto Giant: For a major, publicly traded company like Coinbase, security and user trust are paramount. A confirmed data breach of this magnitude would cause immense reputational damage, trigger a severe response from financial regulators like the SEC, and could negatively impact its stock price and overall user confidence in the platform’s security.
Critical Mitigation Strategies
Coinbase must launch an urgent investigation, while its millions of users must take immediate action to protect their funds and personal safety.
- For Coinbase: Immediately Launch a High-Priority Investigation: Coinbase must immediately launch a full forensic investigation to confirm or deny the validity of this breach. Identifying the source of the leak, whether from an internal system or a compromised third-party partner, is a critical first step to containing the incident.
- For Coinbase Users: Enable the Strongest Possible MFA: This is the single most effective defense against the misuse of this data for account takeover. All users must enable the strongest form of Multi-Factor Authentication (MFA) available on their accounts, preferably using a hardware security key (like a YubiKey) or at least a time-based authenticator app.
- For Coinbase Users: Be on Maximum Alert for Phishing and SIM Swaps: All Coinbase users must assume they are now a high-priority target. They need to be extremely suspicious of any unsolicited communication from “Coinbase support.” They should also be acutely aware of the signs of a SIM swap attack (a sudden loss of mobile service) and be prepared to contact their mobile carrier immediately if it occurs.