A recent filing with Maine’s attorney general sheds new light on Coinbase’s data breach, claiming that nearly 70,000 users were impacted and that the incident went unnoticed for nearly six months.

According to the filing submitted by legal firm Latham and Watkins LLP, 69,461Coinbase users were compromised by the breach, 217 of whom are residents of the US state of Maine.

The document also indicates the breach occurred on Dec. 26, 2024, but was only discovered on May 11, 2025 — nearly six months following the cybersecurity incident.

Coinbase now faces a flurry of lawsuits from affected clients, who argue that the exchange failed to notify victims of the security breach in a timely manner. The attack caused $400 million in losses through social engineering scams and remediation costs, Coinbase has said.

Cointelegraph contacted Coinbase for comment, but had not received a response at time of publication.

Coinbase data breach incident details. Source: Maine Attorney General

The data breach sparked debate about the ethics of Know Your Customer (KYC) data collection, which some argue adds risks to crypto holders. The incident also reflects the growing number of cybersecurity incidents plaguing the industry.

Related: Coinbase faces lawsuit over alleged breaches of Illinois biometric privacy law

The Coinbase data breach sends shockwaves through the crypto world

Coinbase became the target of a ransom attempt after scammers convinced several Coinbase customer service representatives to hand over limited user information, including client names, contact information, and physical addresses.

The scammers then attempted to extort the company into paying a ransom of $20 million in exchange for not leaking the data. However, Coinbase refused to negotiate with the threat actors.

The crypto exchange fired the contractors who collaborated with the scammers to hand over the user data and also promised remediation or reimbursements for any impacted clients.

Despite the remediation efforts, shares of Coinbase slid by 7% following news of the data breach and the subsequent extortion attempt.

Later reports revealed that Roelof Botha, a partner at venture capital firm Sequoia Capital, was also a victim of the data leak, suggesting that the incident also impacted other individuals or entities tied to the VC firm.

The United States Department of Justice (DOJ) opened a probe into the leak; it hadn’t published updates on the incident or the extortion attempt as of May 21.

Industry executives, investors, and legal experts have warned that such data leaks threaten the physical safety of crypto investors by making them the targets of extortion attempts, kidnapping, and armed robbery.

Magazine: Pink Drainer creator defends his wallet-draining crypto scam kit