On January 7, 2025, the author received a phishing email claiming to be from Coinbase, notifying them of a withdrawal of 2.93 ETH. When a caller, posing as a Coinbase fraud prevention representative, contacted them, she had access to sensitive personal information, including the author’s social security number and exact Bitcoin balance. The author reported the incident to Coinbase immediately, providing a detailed security report that included technical analyses and evidence of the scam, but received no satisfactory answers regarding how the attackers obtained their private account data. Coinbase’s response was inadequate. Despite initially acknowledging the report, the company failed to address the key question about the source of the attacker’s information. It wasn’t until May 2025, four months later, that Coinbase disclosed a significant breach. Cybercriminals had bribed customer support contractors in India for sensitive data. The breach included names, addresses, social security numbers, and account balances, affecting less than 1% of Coinbase’s customers and resulting in a financial impact estimated between $180 million and $400 million. The phishing email appeared legitimate, complete with accurate branding and details, but the email headers revealed it was routed through Amazon SES instead of Coinbase’s servers. The author highlighted specific red flags, such as the caller’s inability to authenticate herself and a spike in spam messages following the call. This incident underscores vulnerabilities in Coinbase's security measures and raises concerns about customer data protection, especially in light of the company's delayed response to the breach.