
Coinhouse Data Breach Exposes Sensitive Customer Information in Suspected Third Party Compromise

The Coinhouse data breach has emerged as a major security concern for the French cryptocurrency sector after a threat actor listed a database for sale containing 12,367 lines of customer information allegedly belonging to Coinhouse. The dataset is being offered for 379 dollars in cryptocurrency and includes full personal information associated with French clients who use the exchange for digital asset trading and investment. Coinhouse is one of the most recognizable regulated crypto platforms in France and is registered with the AMF (Autorité des Marchés Financiers) as a digital asset service provider. Because of this regulatory status, the Coinhouse data breach carries significant operational, legal, and physical security implications.

The listing includes an unusual and critical statement from the seller. The actor explicitly claims the data was “Not from an internal server attack.” This strongly indicates that the Coinhouse data breach originated not from Coinhouse itself but from a third party vendor responsible for KYC verification, customer communications, marketing services, or outsourced support. Supply chain compromises have become one of the most common attack vectors for targeting regulated cryptocurrency institutions. These firms often have strict security controls for internal systems, while external vendors may operate with weaker protections, creating an indirect path to sensitive customer information.

Background of the Coinhouse Data Breach

The seller claims the dataset includes more than twelve thousand customer records. The sample preview shows full names, dates of birth, emails, physical home addresses, and French +33 phone numbers. This combination of data points is dangerous because it provides attackers with everything needed to impersonate Coinhouse customers, initiate targeted social engineering attacks, and commit identity theft. Unlike generic combolists, the Coinhouse data breach is marketed specifically for targeting French citizens who have verified accounts with a regulated cryptocurrency platform. This makes the data especially valuable to criminals who specialize in crypto investor targeting.

The seller’s emphasis on the source being external to internal servers is consistent with recent patterns in European data exposure incidents. Cryptocurrency exchanges and financial platforms frequently rely on third party identity verification companies, enterprise CRM tools, email marketing providers, call center platforms, ticketing systems, and analytics vendors. If any of these vendors stores unencrypted customer intake data, the exposure risk increases substantially. The Coinhouse data breach may also be linked to an infostealer infection on an employee system at a vendor organization. Infostealers such as RedLine, Lumma, and Vidar frequently harvest CSV exports of customer lists, which then appear on cybercrime forums.

What the Coinhouse Data Breach Includes

Based on the threat actor’s listing and observed samples, the following categories of information are included in the dataset:

  • Full legal names
  • Dates of birth
  • Email addresses
  • Home addresses
  • French +33 phone numbers
  • Additional structured identifiers from customer records

The Coinhouse data breach does not appear to include passwords, two factor authentication data, transaction histories, wallet keys, or direct financial information. However, the leaked personal information is sufficient to execute a wide range of targeted attacks. Combining name, date of birth, and address enables identity validation for many French services. When paired with phone numbers, attackers can execute SMS phishing campaigns, impersonate Coinhouse support staff, or attempt SIM swapping attacks. For crypto investors, SIM swaps are especially dangerous because they may weaken two factor authentication defenses and allow attackers to reset account credentials across multiple platforms.

Why the Coinhouse Data Breach Is Critical

The Coinhouse data breach is significant for several reasons. First, it targets a regulated exchange that serves tens of thousands of French users. Second, it includes physical home addresses, which introduces physical risk in addition to digital exploitation. Third, it appears to stem from a supply chain failure rather than a direct breach, which can make remediation more complex. The Coinhouse data breach therefore represents a direct threat to the privacy and security of cryptocurrency holders across France.

Key Risks and Threat Scenarios

  • Highly targeted SMS and voice phishing: Attackers can impersonate Coinhouse support and reference the victim’s real name and phone number to demand urgent verification or claim suspicious account activity.
  • SIM swapping attacks: Knowledge of French +33 numbers allows criminals to identify potential targets for SIM swapping, which could compromise two factor authentication on multiple platforms.
  • Identity theft: Name, date of birth, and address enable high confidence identity fraud, including credit applications and unauthorized account creation.
  • Physical security risk: Attackers now possess home address information that correlates with ownership of digital assets, which may enable extortion attempts or targeted scams involving physical mail.
  • Supply chain vulnerability: The Coinhouse data breach highlights the ongoing risk of third party platforms handling regulated customer data without adequate controls.

Impact on the Cryptocurrency Ecosystem in France

The Coinhouse data breach affects more than the exchange itself. It signals broader systemic issues in the European cryptocurrency regulatory environment. AMF regulated platforms must protect customer data according to strict requirements, and breaches involving third party vendors can trigger audits, legal investigations, and fines. The Coinhouse data breach may prompt a review of vendor management practices across the French crypto industry. Many digital asset service providers rely on external onboarding tools, outsourced KYC systems, or cloud messaging providers that may not comply with the same level of scrutiny imposed on the regulated entity.

For users, the Coinhouse data breach also undermines confidence in the safety of storing personal details with crypto exchanges. The sale of twelve thousand records at a low price increases the likelihood that multiple threat actors will acquire the same dataset, multiplying the risk of exploitation. Low cost data dumps frequently lead to waves of unrelated phishing attempts, impersonation attempts, and targeted scams because the barrier to entry is low. French speaking criminal groups may weaponize the Coinhouse data breach to launch localized campaigns that use culturally specific language and references to increase success rates.

Mitigation Strategies and Immediate Actions

For Coinhouse Customers

  • Switch to app based two factor authentication: Replace SMS based 2FA with an authenticator app or hardware key to reduce SIM swap risk.
  • Be skeptical of SMS messages: Any message claiming to be from Coinhouse that demands urgent verification should be treated as suspicious.
  • Do not click links in unsolicited emails: Navigate directly to the Coinhouse website or mobile app when checking account status.
  • Monitor financial accounts: Watch for suspicious activity including attempts to log in or reset passwords on crypto platforms.
  • Scan devices for malware: If you interacted with suspicious messages, run scans with tools such as Malwarebytes.

For Coinhouse and Third Party Vendors

  • Conduct a full forensic investigation: Identify the exact vendor or system where the data originated.
  • Perform a complete vendor security audit: Review access policies, storage practices, and data retention across all third party partners.
  • Notify affected customers: Provide clear guidance on phishing risks and authentication safety.
  • Rotate exposed communication identifiers: Update contact protocols and disable stale API keys or service credentials if implicated.
  • Review GDPR and AMF reporting requirements: Ensure regulatory timelines and disclosure obligations are met.

For continued updates on confirmed data breaches and evolving threats in the cryptocurrency ecosystem, explore our ongoing coverage in cybersecurity.

Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.
