---
schema_version: "secwatch.filing_event.v1"
accession: "0001679788-25-000094"
form_type: "8-K"
ticker: "COIN"
cik: "0001679788"
company_name: "Coinbase Global, Inc."
filed_at: "2025-05-15T23:59:59+00:00"
generated_at: "2026-05-21T05:17:13.238255+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.85
calibrated_materiality_score: 0.85
confidence: "high"
source: SEC EDGAR
---

# Coinbase cyber incident: estimated $180M-$400M remediation costs

## Summary
- Threat actor paid multiple contractors/employees to collect customer data from internal systems; incident detected May 11, 2025.
- Compromised data includes name, address, phone, email, masked SSN (last 4 digits), masked bank accounts, government ID images, account balances and transaction history.
- No compromise of passwords, private keys, or customer funds; targeted personnel had no access to customer funds.
- Preliminary estimated expenses of $180M to $400M for remediation and voluntary customer reimbursements.
- Coinbase will reimburse eligible retail customers who sent funds to threat actor as direct result; cooperating with law enforcement.

## SEC filing metadata
- accession: 0001679788-25-000094
- form_type: 8-K
- ticker: COIN
- cik: 0001679788
- company_name: Coinbase Global, Inc.
- filed_at: 2025-05-15T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.85
- calibrated_materiality_score: 0.85
- confidence: high
- sec_items: 1.05, 9.01
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1679788/000167978825000094/0001679788-25-000094-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1679788/000167978825000094/coin-20250514.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001679788-25-000094
- JSON: https://secwatch.observer/filing/0001679788-25-000094.json
- Plain text: https://secwatch.observer/filing/0001679788-25-000094.txt

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.