Coinmama Data Breach Exposes 450,000 User Records in Wake of Growing Digital Asset Adoption

The cryptocurrency industry faced another stark reminder of the security challenges accompanying digital asset adoption on February 15, 2019, as major brokerage platform Coinmama disclosed a significant data breach affecting approximately 450,000 of its users. The incident, which involved the exposure of email addresses and hashed passwords, underscored the vulnerabilities that continued to plague the rapidly evolving digital asset ecosystem.

TL;DR

  • Coinmama discovered a breach affecting roughly 450,000 registered users on February 15, 2019
  • Compromised data included email addresses and hashed passwords of users who registered before August 5, 2017
  • No evidence of the stolen data being actively exploited by perpetrators had been found as of the disclosure date
  • The breach was later catalogued by Have I Been Pwned, affecting approximately 479,000 subscribers
  • The incident highlighted ongoing security concerns across cryptocurrency platforms during a period of growing mainstream interest

What Happened at Coinmama

Coinmama, one of the older and more established cryptocurrency brokerages in the market, revealed that a perpetrator had gained unauthorized access to a substantial portion of its user database. The compromised records primarily consisted of users who had created accounts on the platform prior to August 5, 2017, meaning the affected data was already somewhat dated at the time of discovery.

The stolen information included approximately 450,000 email addresses paired with hashed passwords. While hashed passwords are significantly more difficult to exploit than plaintext credentials, the breach still posed a meaningful risk, particularly for users who may have reused passwords across multiple platforms.

In a statement addressing the incident, Coinmama emphasized that as of February 15, 2019, there had been no evidence that the compromised data had been utilized by the perpetrators. The company urged affected users to change their passwords immediately and enabled additional security measures across the platform.

A Pattern of Crypto Industry Breaches

The Coinmama breach occurred during a period when the cryptocurrency industry was still grappling with the fallout from numerous high-profile security incidents. The preceding year had witnessed several major exchange hacks and data breaches that collectively eroded public trust in centralized cryptocurrency platforms. From the Coincheck hack in January 2018, which saw the loss of over $500 million worth of NEM tokens, to smaller but equally damaging incidents at various exchanges, the pattern was unmistakable.

What made the Coinmama incident particularly notable was that it involved a brokerage rather than an exchange. While exchange hacks typically involved the direct theft of cryptocurrency funds, the Coinmama breach targeted user credentials, a different but potentially more insidious form of compromise. Stolen email addresses and passwords could be used for phishing attacks, credential stuffing on other platforms, or social engineering campaigns targeting cryptocurrency holders.

The Broader Market Context

The breach occurred against a backdrop of relatively subdued cryptocurrency markets. Bitcoin was trading in the $3,600 to $3,620 range on February 15, 2019, a far cry from the heady days of late 2017 when the flagship cryptocurrency had approached $20,000. Ethereum was changing hands at approximately $122, while most major altcoins were experiencing modest daily movements.

Despite the generally calm market conditions, the security incident served as a reminder that the infrastructure supporting cryptocurrency adoption remained far from mature. At a time when institutional interest in digital assets was beginning to take shape, incidents like the Coinmama breach represented significant obstacles to mainstream acceptance.

Industry Response and Lessons

The Coinmama breach prompted renewed discussions within the cryptocurrency community about the importance of robust security practices, both at the platform level and among individual users. Security experts emphasized several key takeaways from the incident, including the critical importance of using unique passwords for each platform, enabling two-factor authentication wherever possible, and remaining vigilant against phishing attempts that might leverage stolen email addresses.

For platforms operating in the cryptocurrency space, the incident reinforced the need for regular security audits, proactive threat detection, and transparent disclosure practices when breaches do occur. Coinmama received some credit for promptly disclosing the breach and providing clear guidance to affected users, a contrast to some earlier incidents where platforms had been slower to acknowledge security failures.

Digital Asset Security in an Evolving Landscape

The Coinmama data breach highlighted a fundamental tension in the cryptocurrency ecosystem. As digital assets gained broader acceptance and more users entered the space, the attack surface for malicious actors expanded correspondingly. The period from 2017 through early 2019 saw explosive growth in the number of cryptocurrency users worldwide, and many of the platforms serving these new users had not invested proportionally in security infrastructure.

The concept of digital ownership and digital assets was undergoing a significant transformation during this period. While the NFT phenomenon was still years away from capturing mainstream attention, the foundational ideas about digital scarcity, ownership, and the security of digital property were being actively tested through incidents like the Coinmama breach.

As the cryptocurrency industry continued to mature, the lessons from incidents like this one would prove instrumental in shaping more robust security standards and practices across the ecosystem. The question of how to balance accessibility with security would remain a central challenge for platforms seeking to bring digital assets to a broader audience.

Why This Matters

The Coinmama breach of February 2019 was emblematic of the growing pains facing the cryptocurrency industry as it transitioned from a niche technology to a more mainstream financial ecosystem. With 450,000 user records compromised, the incident demonstrated that even established platforms were not immune to security failures. As the digital asset landscape continued to evolve, the importance of platform security, user education, and transparent disclosure practices would only grow more critical. The breach served as both a warning and a catalyst for improvement across the entire cryptocurrency industry.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. The cryptocurrency market is highly volatile, and readers should conduct their own research before making any investment decisions.

14 thoughts on “Coinmama Data Breach Exposes 450,000 User Records in Wake of Growing Digital Asset Adoption”

  1. 450k records and they only noticed in feb 2019 for a breach that happened before aug 2017. thats an 18 month detection gap. insane

    1. 18 months to detect a breach of 450k records. imagine what else is sitting in compromised databases right now that nobody has found yet

      1. pwn_checker 18 months for coinmama and we later learned about the equifax breach sitting for even longer. the detection gap across the entire industry was embarrassing

      2. 18 months with nobody noticing and people wonder why self custody became the default advice. if you cant detect a breach for a year and a half your security theater is just theater

        1. Piotr the self custody advice aged perfectly. every centralized exchange breach since then has reinforced the same lesson and people still keep funds on platforms

  2. hashed passwords sound fine until you realize most people reuse passwords everywhere. the damage goes way beyond coinmama

    1. hashed passwords with bcrypt or argon2 are actually pretty hard to crack. the real problem is password reuse like you said, not the hashing itself

      1. bcrypt is fine until the implementation uses 4 rounds instead of 12. seen it happen more than once on crypto platforms cutting corners on compute costs

        1. breach_autopsy

          auditer_ 4 rounds of bcrypt should be criminal negligence. owasp recommends minimum 10 and that was standard even in 2017. no excuse for a crypto platform

        2. 4 rounds of bcrypt is basically plaintext at this point. compute is cheap enough that even 12 rounds barely slows down a serious attacker with GPU farms

  3. 18 months to detect a breach and people wonder why self custody became the default. every centralized platform since then has proved the same point

  4. the fact that data from aug 2017 registrations was compromised but detected in feb 2019 means whoever had it could have been credential stuffing for over a year before anyone noticed

  5. 450k records sitting in someone’s database for 18 months and coinmama had no idea. makes you wonder which current platforms are compromised right now and dont know it
