We’re sharing this to inform you of a recent security incident that occurred at one of CoinLedger’s 3rd party service providers, Mixpanel. We are sharing these details so that you understand what happened, what information was involved, and what CoinLedger is doing in response.
What happened:
On November 17, 2025, Mixpanel (a data analytics company that CoinLedger is a customer of) provided details to our team of a security incident that happened within their environment.
On Nov. 9th, Mixpanel’s security team was made aware that an attacker had gained access to Mixpanel systems via SMS phishing attack. The attacker used elevated permissions on the affected Mixpanel account to export two datasets containing CoinLedger user information.
What information was involved:
The data involved consisted of analytics profile information, which includes:
First and last name (if that is set on your CoinLedger profile)
Email address
Approximate location derived from your browser (city, state, country)
What information was not involved:
This incident did not involve:
CoinLedger account passwords
Recovery phrases or private keys (CoinLedger never collects this data)
Social Security numbers or other government IDs
Tax forms or transaction data from connected exchanges or wallets
Bank account or credit card numbers
No CoinLedger account logins or transaction data were exposed in this event.
How Mixpanel responded
Based on Mixpanel’s description to us, its security team:
Deactivated and secured the affected Mixpanel accounts and revoked active sessions
Restored correct email ownership and re-enabled access where needed
Reviewed relevant authentication, session, and export logs
What CoinLedger is doing
We take the security of customer information extremely seriously. In response to this incident, we have:
Investigated our integration with Mixpanel and have found no evidence this incident extended beyond Mixpanel’s systems
Worked with Mixpanel’s privacy and security team to understand the scope of the incident and obtain the exported datasets for our own review
We will continue to monitor for any signs that this data is being misused.
What you can do
Because the information involved includes email addresses, the most likely risk to CoinLedger users is phishing or spam. As always, we recommend that you:
Be cautious with unsolicited emails, especially those asking you to click links, download software, or provide personal information
Check that any email claiming to be from CoinLedger is sent from our official domain
Remember that CoinLedger will never ask for your recovery phrase, private keys, or password by email, SMS, or chat
Note that CoinLedger does not offer a mobile app or a desktop app. If you see an app or software claiming to be CoinLedger, do not download it.
If you receive a message or see an app that seems suspicious, please contact our team directly.
Questions or support
If you have any questions about this incident or would like more information, please contact us at [email protected].
We remain committed to protecting your information and being transparent when security-related issues arise. We will share updates regarding this incident on this web page.