Coinbase Data Breach Lawsuit: 2025 Insider Theft
Data Breach · MDL Consolidated

Coinbase Data Breach Class Action Lawsuit (2025 Insider Breach)

Published July 14, 2026

If you got a Coinbase breach notice in 2025 — or a call from someone claiming to be Coinbase "support" — this is the case. It grew out of an inside job, and right now there is nothing to claim in court.

A cryptocurrency and data-security illustration, representing the 2025 Coinbase customer data breach litigation, MDL 3153
Coinbase disclosed in May 2025 that bribed overseas support agents stole customer data later used in social-engineering scams. The consolidated litigation is MDL No. 3153 in the Southern District of New York.
Allegations Only · No Settlement Yet

This article describes consolidated class action complaints. The plaintiffs' statements are unproven allegations. Coinbase has not been found liable, there is no certified class, and there is nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

Coinbase, the cryptocurrency exchange, is facing consolidated federal litigation over a 2025 data breach that Coinbase itself has described as an inside job. The cases are gathered as In re: Coinbase Customer Data Security Breach Litigation, MDL No. 3153, before Judge Edgardo Ramos in the U.S. District Court for the Southern District of New York.

In a securities filing in May 2025, Coinbase disclosed that attackers had paid multiple overseas customer-support contractors to pull customer information from internal systems those workers could reach for their jobs. The stolen data was then used to power social-engineering scams aimed at tricking customers into handing over their crypto. (This 2025 breach is a separate matter from the older Coinbase "Dogecoin sweepstakes" case.) Coinbase has not been found liable, and the plaintiffs' claims remain unproven allegations.

Status MDL Consolidated — Pleading Stage MDL 3153 · S.D.N.Y. · Judge Edgardo Ramos · consolidated Dec. 2025 · arbitration motion expected
Data Exposed Names, contact info, masked SSN/bank, ID images 69,461 customers (Maine AG filing) · no passwords, private keys, or full SSNs · no customer funds accessed
Can I Claim? No — nothing to claim yet No class settlement · Coinbase separately pledged to reimburse customers scammed into sending crypto

How the Breach Happened

According to Coinbase's own disclosures, this was not a typical outside hack of Coinbase's defenses. Coinbase said attackers bribed multiple customer-support contractors working outside the United States to collect customer information from internal Coinbase systems. On May 11, 2025, an unknown actor emailed Coinbase demanding roughly $20 million not to publish the stolen data. Coinbase refused the demand, disclosed the incident in an SEC filing on May 14, 2025, terminated the personnel involved, and referred them to law enforcement. Coinbase also established a $20 million reward fund for information leading to the attackers' arrest.

A breach notification Coinbase filed with the Maine Attorney General listed 69,461 people affected — a figure Coinbase has characterized as under 1% of its monthly transacting users. Coinbase has estimated the incident could cost it between $180 million and $400 million to remediate.

What Was Exposed — and What Wasn't

Per Coinbase, the stolen data could include names, addresses, phone numbers, email addresses, masked Social Security numbers (the last four digits), masked bank-account information, government-ID images such as driver's licenses or passports, and account-balance and transaction history. Coinbase has said that no passwords, no private keys, no full Social Security numbers, and no customer funds were accessed, and that the support personnel could not move customer money.

The real-world danger came next. Armed with names, contact details, and account information, scammers impersonated Coinbase support and tried to trick customers into transferring crypto to attacker-controlled wallets. Coinbase pledged to reimburse customers who were deceived into sending funds as a result of the incident, and offered affected users 12 months of free credit monitoring and identity protection.

What the Lawsuits Allege

The consolidated complaints allege that Coinbase failed to implement reasonable data-security and insider-threat controls, was too slow to detect and contain the improper access, and delayed notifying affected customers — leaving them exposed to identity theft and the social-engineering scams that followed. Plaintiffs bring the negligence, breach-of-contract, and state consumer-protection claims typical of data-breach litigation.

One threshold issue looms over the case: Coinbase's user agreement contains an arbitration clause, and Coinbase is expected to ask the court to send the disputes into individual arbitration rather than let them proceed as a class action. How the court rules on that could significantly shape the litigation. As with any complaint, these are allegations only; Coinbase has not been found liable, and no class has been certified. (A separate securities-fraud lawsuit alleges Coinbase misled investors about the breach; that is a distinct case, not part of this consumer MDL.)

Is There a Coinbase Settlement Yet?

No. This is litigation, not a settlement.

There is no class settlement, no fund, no claim form, and no deadline. The MDL is in its early pleading stage. The only money paths that exist run through Coinbase directly — its pledge to reimburse customers who were scammed into sending crypto, and the free credit monitoring it offered affected users. Neither of those is a court-approved class settlement. Treat any website offering a "Coinbase breach claim form" or "settlement payout" as illegitimate.

Who Is Affected and What You Can Do

The affected population is the roughly 69,000 Coinbase customers identified in the breach notification — those whose data the bribed support agents accessed. A subset were then targeted by scams attempting to trick them into transferring crypto.

• Be extremely skeptical of anyone contacting you as Coinbase "support" and asking you to move funds, share a code, or send crypto to a "safe" wallet — Coinbase will not ask you to do that.
• Turn on the strongest two-factor authentication available (an authenticator app or hardware key, not SMS) and set up a withdrawal allow-list if you use one.
• If you received a breach notice, consider the free credit monitoring offered, and consider a credit freeze.
• If you were tricked into sending crypto because of this incident, review Coinbase's reimbursement process. There is no court claim to file at this stage.

For breach settlements that are open and claimable now, see OCA's data breach settlements tracker.

Frequently Asked Questions

Is there a Coinbase data breach settlement yet?

No. MDL 3153 is in the early pleading stage in the Southern District of New York. There is no class settlement, no fund, and no claim form. Coinbase's reimbursement pledge and credit monitoring are handled by Coinbase directly, not through a court settlement.

What was taken?

Names, contact information, masked Social Security numbers, masked bank details, government-ID images, and account/transaction data for 69,461 people. Coinbase says no passwords, private keys, full SSNs, or funds were accessed.

Do I need to file a claim?

No. Because this is a lawsuit and not a settlement, there is nothing to claim and no deadline. Watch for scams, secure your account, and keep any breach notice. If a class is certified or a settlement is reached, a claims process and deadlines would be announced separately.

Sources

• U.S. Securities and Exchange Commission — Coinbase Form 8-K disclosing the incident (May 14, 2025): Coinbase 8-K (SEC EDGAR)
• Maine Attorney General — Coinbase data breach notification (69,461 affected): Maine AG Breach Notice
• Judicial Panel on Multidistrict Litigation — transfer order creating MDL No. 3153 (Dec. 12, 2025): JPML Transfer Order
• CourtListener — docket for In re Coinbase Customer Data Security Breach Litigation, No. 1:25-md-03153 (S.D.N.Y.): CourtListener Docket


For more class actions keep scrolling below.
Status MDL Consolidated — Pleading Stage (no settlement)
Case In re Coinbase Customer Data Security Breach Litigation
MDL Number MDL No. 3153 · No. 1:25-md-03153
Court U.S. District Court, S.D.N.Y. · Judge Edgardo Ramos
Consolidated December 12, 2025 · breach disclosed May 2025
Court Docket CourtListener Docket

Related Data Breach Cases & Settlements