Hackers claim 500K Coinbase France users exposed as researchers warn leak offers phsihing campaign "starter pack"

Published: 7 May 2026
coinbase france allegedly breached

A threat actor is advertising what they claim to be a dataset of 500,000 French crypto users, stolen from Coinbase.

The dataset specifically targets French Coinbase users. According to the post, the seller is offering multiple “packages” tailored to different buyers, including so-called “starter packs” and premium access tiers.

This kind of structure mirrors tactics frequently seen in phishing and crypto-targeting ecosystems.

ADVERTISEMENT

What was allegedly stolen?

A sample screenshot uploaded by the threat actor contains what appears to be personally identifiable information of users, including:

  • Full names
  • Email addresses
  • Physical addresses
  • Phone numbers

The screenshot shows 23 records. The information appears to reference real French individuals, though nothing in the sample explicitly ties the data to Coinbase users.

A Cybernews researcher who investigated the post and the data sample noted that while the PII "looks real," there is nothing in the listing that definitively points to Coinbase as the source.

"There is only PII that refers to French individuals, but no other info that would indicate where this data is from," our researcher said.

"The 500,000 records number cannot be independently verified either."

If the data proves to be legitimate, users are at heightened risk of social engineering and phishing attacks. Cybernews has reached out to Coinbase for a comment, but at the time of publishing, it has not received a response.

ADVERTISEMENT
coinbase
Screenshot by Cybernews

Why is this a big deal?

The current breach claims might add up to the relentless fire Coinbase has been experiencing on the security front – especially attacks involving social engineering and phishing.

In February 2025, an investigation revealed that the exchange's users were losing more than $300 million per year to social engineering scams, with at least $65 million stolen in December 2024 and January 2025 alone.

A single user reportedly lost 400 BTC in a single incident, and by May, victims reported hemorrhaging tens of millions of dollars per week to fraudsters impersonating Coinbase staff.

Datasets like the one currently up for sale on the hacker forum contribute to the problem, as attackers can exploit them to impersonate Coinbase and trick users into transferring funds or installing malware.

Coinbase has been breached before

Stolen datasets likely come from scraped databases, previous leaks, or third-party vendor exposures. It is also not uncommon for hackers to repackage old data and try to resell it on forums.

In this case, the data source remains unverified. However, Coinbase has suffered security incidents before, including breaches of data.

In May 2025, Coinbase disclosed that cybercriminals had “recruited rogue” contractors, who had leaked sensitive customer data, including government-issued IDs and bank details. Attackers unsuccessfully tried to extort the company for $20 million.

ADVERTISEMENT

A subsequent filing confirmed 69,461 customers were affected. In 2026, ShinyHunters flashed data on a Telegram group that appeared to have been stolen from Coinbase in the same breach.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT