Summary
Coinbase suffered a data breach impacting nearly 70,000 customers after hackers bribed TaskUs support agents in India. The hackers obtained sensitive data like names, addresses, and partial financial information but not passwords or private keys. Coinbase refused a $20 million ransom demand and is cooperating with law enforcement.
** Main Story**
Coinbase Data Breach: Insider Threat from India
A significant data breach at Coinbase, one of the world’s largest cryptocurrency exchanges, has come to light, exposing the personal information of nearly 70,000 customers. Investigations reveal a disturbing insider threat: support agents working for TaskUs, an outsourcing firm in India, accepted bribes from hackers in exchange for sensitive customer data. This breach highlights the growing risks of social engineering and insider threats within the cryptocurrency sector.
The Bribery Scheme and Data Exfiltration
The breach, initially discovered in January 2025 but publicly disclosed by Coinbase in May, involved a coordinated effort by cybercriminals to exploit vulnerabilities within Coinbase’s customer support system. Hackers targeted TaskUs employees in India, offering financial incentives to leak confidential customer information. Reports suggest that the hackers initially identified a TaskUs employee capturing screenshots of sensitive data on a personal device. Subsequent investigations revealed at least two employees funneling data to the hackers in exchange for bribes. The information obtained included names, addresses, phone numbers, email addresses, partial Social Security numbers, masked bank account details, government ID images, account balances, transaction histories, and some internal Coinbase corporate documents. Crucially, login credentials, private keys, and access to customer funds or Coinbase’s hot or cold wallets remained secure.
Coinbase’s Response and Repercussions
Coinbase refused the hackers’ $20 million ransom demand and instead offered a reward of equal value for information leading to the arrest and conviction of the perpetrators. The company has pledged to reimburse affected customers who lost funds due to social engineering attacks stemming from the breach. Coinbase also terminated the involved employees, increased security measures, and is cooperating with law enforcement agencies. TaskUs ceased its Coinbase operations in Indore, India, impacting 226 employees, and offered generous severance packages to those not involved in the breach. Coinbase estimates the total cost related to the breach, including remediation and customer reimbursements, to be between $180 million and $400 million. This incident underscores the potential financial and reputational damage resulting from data breaches and the critical need for robust security measures, particularly when outsourcing sensitive operations. The breach has sparked a class-action lawsuit against TaskUs alleging negligence. TaskUs, however, maintains it was a victim of a larger criminal scheme targeting multiple Coinbase service providers and is cooperating with authorities. As of June 10, 2025, investigations are still ongoing, and the full impact of the breach continues to unfold.
$20 million ransom? Coinbase should have countered with NFTs of monkeys holding crypto. I’m sure the hackers would have preferred that. It would certainly look better for them on the news.
That’s a hilarious thought! NFTs of monkeys holding crypto as a counter-ransom. It definitely would have been a unique and attention-grabbing approach. Thinking outside the box in cybersecurity negotiations might be worth exploring, although I’m not sure how effective it would be against serious cyber criminals! Thanks for the chuckle!
Editor: StorageTech.News
Thank you to our Sponsor Esdebe