KYC Data Is No Longer Safe – Coinbase Data Leak Shocks 70,000 Users

A big data breach at Coinbase has exposed the personal details of 70,000 customers and might cost the company up to $400 million. It all started in India, where someone working with Coinbase was paid to leak the data. Now, many people are asking if the KYC rules that are supposed to keep them safe are making things worse.

How the Breach Happened?

The breach, which happened in December 2024, was not caused by a direct hack of Coinbase’s systems. Instead, hackers bribed a customer service agent working for TaskUs in India to steal sensitive information belonging to about 70,000 Coinbase users.

This employee allegedly used her personal phone to take pictures of private data, while a suspected accomplice helped pass this information on to the hackers. The stolen data included government-issued IDs, home addresses, and other personal details.

In May 2025, Coinbase officially revealed the breach in an SEC filing and confirmed that employee data had also been accessed during the incident.

Perhaps, this shocking act turned the spotlight on how KYC and outsourced teams might be exposing crypto users to serious risks.

KYC: Helping or Hurting?

Eventually, KYC was introduced to stop money laundering and crime. But in real life, it’s the everyday crypto users who get exposed when there’s a breach. Illicit actors are even using fake IDs made with AI to get around these checks. 

However, 404 Media reported that half of identity checks can now be bypassed with these AI tools. In one case in 2023, blockchain detective ZachXBT showed how easy it was to trick an exchange by pretending to be North Korean leader Kim Jong-Un!

What’s The Solution: Zero-Knowledge Tech

Some people think zero-knowledge (ZK) technology could be the answer. It can let people prove their identity without sharing personal details. 

But ZK tools are costly and hard to put in place, and experts believe that regulators are unlikely to relax KYC rules anytime soon.

As the fallout continues, users are urged to take extra steps to stay safe. Experts recommend turning on two-factor authentication and never sharing seed phrases or private info with anyone