What Happened
Koinly disclosed a potential email address leak in late 2025 resulting from a breach of Mixpanel, a third-party analytics service the company used to track user behavior and improve its platform. The breach, which Mixpanel announced in November 2025, exposed user email addresses, names, approximate location details (city or country), and device information such as operating system and browser version. However, Koinly confirmed that no sensitive financial data—including wallet information, transaction history, tax filings, or portfolio data—was compromised, as these were stored on separate systems not shared with Mixpanel. The company has not disclosed the specific number of affected users or the exact timeframe of the exposure, stating it is still investigating the incident with Mixpanel to determine the full scope. In response, Koinly discontinued its use of Mixpanel and began auditing other third-party tools that process user information, while warning users to remain vigilant against potential phishing attacks exploiting the leaked email addresses.
