🔴 Trust Rating: Low

Coinbase is the easiest regulated on-ramp in the US and a public company (Nasdaq: COIN) with real custody pedigree. It is also one of the most surveillance-heavy places you can hold crypto. It sells a blockchain-analysis tool to federal agencies, it hands the IRS your activity, and in 2025 bribed support contractors leaked names, home addresses, and government-ID photos for tens of thousands of customers. Use it as a doorway, not a home. Buy, withdraw, leave nothing behind.

What is Coinbase?

Coinbase is a US-based, publicly traded cryptocurrency exchange. It went public on the Nasdaq in 2021 under the ticker COIN. For most Americans it is the path of least resistance into crypto: link a bank account, pass ID verification, buy Bitcoin or Ether in a few taps. Custody is handled for you, the hot wallet is insured against certain failures, and if the company does something illegal there is a real corporate entity with SEC filings to point at.

That accountability is the whole pitch, and it is genuine. It is also the exact reason Coinbase is a surveillance machine. A regulated US company that knows your legal identity, your bank, your address, and every trade you make is a company that answers to the IRS, to sanctions law, and to a support system that humans can be bribed to abuse. You get the easiest fiat rails in crypto. You pay for them with your privacy.

Critical Privacy Concerns

⚠️ Important Considerations

  • It sells surveillance to the government. Coinbase markets a blockchain-analysis product, Coinbase Tracer (built from its Neutrino acquisition), to federal agencies. A FOIA-sourced contract showed ICE gaining access to tools including "historical geo tracking data," multi-hop link analysis, transaction demixing, and shielded-transaction analysis across nearly a dozen cryptocurrencies. Coinbase also sold Tracer licenses to the Secret Service.
  • The 2025 insider breach leaked your identity documents. Bribed overseas support contractors copied customer data over several months. Roughly 69,461 customers had personal data exposed, including names, contact details, masked Social Security digits, home addresses, and images of government-issued IDs.
  • Address plus balance is a physical-safety problem. When your home address leaks alongside a rough idea of what you hold, the threat stops being digital. That combination is exactly what "wrench attack" kidnappers and extortionists shop for.
  • The IRS gets your activity. Coinbase issues broker tax forms and has a documented history of being forced to hand user records to the government under a John Doe summons.

Coinbase Tracer: Selling the Shovels

In 2019 Coinbase acquired Neutrino, a blockchain-analysis firm founded by three former employees of Hacking Team, an Italian surveillance vendor that had been caught selling spyware to governments with poor human-rights records. Coinbase folded Neutrino into what is now Coinbase Tracer and began pitching it to law enforcement.

Documents surfaced through a FOIA request by Tech Inquiry and reported by The Intercept in 2022 showed the shape of it. In August 2021 Coinbase sold a single analytics license to ICE for $29,000, followed by a purchase reportedly worth up to $1.36 million a month later. It sold Tracer licenses to the Secret Service as well. ICE gained access to "historical geo tracking data," transaction demixing, and shielded-transaction analysis.

Coinbase's defense is that Tracer "sources its information from public sources and does not make use of Coinbase user data." Take that at face value if you like. The company that holds your identity is in the business of un-mixing blockchain transactions for federal agencies. That is the vendor you are trusting with your on-ramp.

The May 2025 Insider Breach

This one was not a clever hack. It was bribery. Criminals paid overseas customer-support contractors to copy customer data straight out of the internal tools those agents were allowed to use. The theft ran for months before Coinbase received a $20 million extortion email on May 11, 2025. Coinbase filed a Form 8-K with the SEC on May 14, 2025.

A breach notification put the affected count at 69,461 customers. Stolen data included names, contact information, masked Social Security digits, home addresses, account balance and transaction snapshots, and photos of government-issued IDs submitted for identity verification. No passwords, private keys, or customer funds were taken, according to the filing.

Coinbase refused the $20 million demand and instead posted a $20 million reward for information leading to the attackers. It estimated the cleanup at $180 million to $400 million. Money it can absorb. The customers whose home address and holdings are now in criminal hands cannot recall a leaked ID photo.

Taxes and the IRS

Assume Coinbase reports you. Starting with the 2025 tax year, Coinbase issues IRS Form 1099-DA to customers who dispose of crypto, and the IRS matches those forms against your return. This is not new behavior dressed up. Back in 2016 the IRS served Coinbase a John Doe summons, and after a court fight Coinbase handed over records covering millions of user transactions. If your privacy plan depends on the government not knowing you bought crypto, Coinbase is the wrong tool.

Account Freezes and Closures

Because Coinbase is regulated, it complies with court orders and sanctions programs, including OFAC. It can and does restrict or close accounts, often without giving a specific reason. In most cases you can still withdraw funds after a closure, but users report long lock-outs and slow support. A custodial account is an account someone else can freeze. That is the trade for the insurance and the easy rails.

Technical Specifications

What You Actually Get

  • Custody: Custodial hot-wallet storage managed by Coinbase, with some insurance coverage against certain platform failures. You do not hold the keys by default.
  • Identity: Full KYC required. Legal name, government ID, address, and usually a linked bank account.
  • Fiat rails: Bank transfer, debit card, and other standard funding methods. This is the strongest part of the product.
  • USDC: Coinbase co-founded the USDC stablecoin and earns a large share of its reserve revenue. Circle paid Coinbase $908 million under their revenue-share arrangement in 2024.
  • Security: Supports app-based and hardware-key two-factor authentication. Use the strongest option offered.

Pricing Structure

The exchange itself is free to open. Trading fees vary by method and size. The optional Coinbase One subscription lowers or removes some fees and adds perks. Current tiers:

Coinbase One Tier Price Gist
Basic $4.99/month Zero-fee simple trades up to a volume limit, boosted USDC rewards
Preferred $29.99/month Higher limits, rebates on Advanced trading fees, up to $10,000 account-protection coverage
Premium $299.99/month Unlimited zero-fee simple trades, concierge desk, up to $250,000 account-protection coverage

Note the fine print: zero fees apply to simple trades only, not Coinbase Advanced, DEX, or derivatives, and benefits can change without notice. None of these tiers buy you privacy. They buy you cheaper trading on a platform that still reports you.

Coinbase vs. Alternatives

Coinbase vs. Kraken

  • Coinbase: The simplest US on-ramp and the most beginner-friendly, with the surveillance baggage above. Public company, full KYC, sells analytics to the government.
  • Kraken: Another regulated US exchange with full KYC and tax reporting, generally aimed at more serious traders. Same custodial and reporting reality, different tooling. See our Kraken review.

Coinbase vs. Bisq

  • Coinbase: Custodial, KYC, insured hot wallet, easy fiat, heavy reporting.
  • Bisq: A decentralized, non-custodial exchange with no central company holding your identity or your coins. Harder to use, far less convenient for fiat, and a genuinely different privacy posture. If privacy is the actual goal, this is the direction to look. See our Bisq review.

For the wider picture on how exchanges and chain analysis expose you, read our coverage of blockchain analysis and surveillance and the cryptocurrency intelligence platforms that agencies buy.

When to Use Coinbase

Acceptable Use Cases

Buying your first crypto with US dollars when you want a regulated, insured, public-company on-ramp and you accept that you are fully identified.

Converting crypto back to cash through the easiest fiat rails available to Americans.

A pass-through account that you fund, buy on, and immediately withdraw from to self-custody.

Not Recommended For

Storing crypto long term. Custodial, freezable, and a proven breach target. Move coins to a hardware wallet.

Any threat model where being identified matters. Full KYC, government contracts, and IRS reporting are the point of the product.

If You Use It Anyway: Safeguards

⚠️ Harm Reduction

  • Keep a zero standing balance. Buy, then withdraw to your own hardware wallet immediately. Do not let Coinbase hold your coins overnight.
  • Assume your address and holdings may leak again. The 2025 breach already exposed both. Consider using a PO box or a business address for KYC where permitted, and never discuss what you hold in any channel tied to your Coinbase identity.
  • Use a dedicated email that you use for nothing else, so a leak of your Coinbase contact info cannot be linked to the rest of your life.
  • Turn on hardware-key two-factor authentication. Not SMS. A physical security key beats every phishing kit.
  • Expect full tax reporting and keep your own records so the 1099-DA that lands in your mailbox is not a surprise. Our Koinly review covers reconciling that.
  • Get your home address out of the data-broker pipeline. Once an address leaks, scrub it wherever else it sits. See our Optery review.

The Bottom Line

Consider Coinbase if:
  • You are a US resident who wants the simplest, most regulated way to turn dollars into crypto and back
  • You value a public company with SEC filings over an offshore exchange you cannot sue
  • You treat it as a doorway and withdraw to self-custody the moment a trade clears
Avoid Coinbase if:
  • You want to hold crypto anywhere it can be frozen or stolen from a support desk
  • Your threat model includes not being identified, tracked, or tax-reported
  • Privacy is your actual goal, in which case a non-custodial route is the honest answer

⚠️ Final Assessment

Coinbase does the boring part well: it turns dollars into Bitcoin without you getting scammed, and it stands behind a real corporate name if something breaks. That earns it a place in a lot of people's toolkits. It does not earn trust. It sells surveillance tooling to federal agencies, it reports you to the IRS, and it let bribed contractors walk out with tens of thousands of customers' home addresses and ID photos. Use it for exactly one job, keep nothing on it, and assume everything you do there is seen.

Visit Coinbase →

Browse the rest of our vetted tools on the resources hub.

Resources