Executive Summary
- A security researcher alleges Coinbase was aware of a data breach four months before its official public disclosure in May 2025.
- The breach exposed the personal and financial information of 69,461 customers after support staff were allegedly bribed.
- The researcher, Jonathan Clark, claims he reported evidence of the compromise on January 7 after scammers targeted him using his stolen Coinbase data.
- Clark states that after an initial acknowledgment, Coinbase failed to respond to his repeated follow-up inquiries about the security incident.
A security researcher is publicly challenging the timeline provided by Coinbase for a significant data breach, alleging he provided the company with evidence of the intrusion four months before it was disclosed. The breach involved the personal and financial data of nearly 70,000 customers.
Official Disclosure vs. Researcher’s Claim
In a May 2025 filing with the U.S. Securities and Exchange Commission, Coinbase reported that a data breach occurred on December 26, 2024, but was not discovered until May 11, 2025. The company stated that attackers stole information from 69,461 customers by bribing support staff. The compromised data included names, dates of birth, partial Social Security numbers, addresses, and transaction histories.
However, security researcher Jonathan Clark disputes this timeline. In a detailed account, Clark asserts he contacted Coinbase on January 7, 2025, after he was targeted by scammers who possessed his highly specific personal and account information, which he believes was obtained from the breach.
Details of the Scam Attempt
Clark described the experience as “chilling,” stating that a caller claiming to be a Coinbase fraud analyst knew his Social Security number and Bitcoin balance “down to the decimal point.” He identified several red flags, including the caller’s inability to verify her identity and the use of a Google Voice number. The scammer attempted to persuade him to move his cryptocurrency to an attacker-controlled wallet, a common social engineering tactic.
According to Clark, he submitted a “comprehensive security report” detailing the incident to Coinbase that same day. He received a prompt reply from Coinbase’s Head of Trust and Safety, Brett Farmer, who called the report “super robust” and promised an investigation. Clark claims that despite this initial response, his four follow-up emails in January went unanswered.
Unanswered Questions
Clark’s allegations suggest a significant discrepancy between when Coinbase may have been first alerted to the data compromise and its official disclosure date. “For four months, my questions went unanswered,” he wrote, referring to his attempts to learn how attackers obtained his private data. Coinbase has not publicly responded to the researcher’s claims. It is important to note that all individuals are presumed innocent until proven guilty in a court of law.
