Coinbase Data Breach Tied to Bribed Support Staff at India-Based Outsourcing Firm TaskUs
A recently disclosed data breach at cryptocurrency exchange Coinbase has been traced to insider threats at its outsourcing partner, TaskUs, based in India. The breach, first identified in January 2025, involved bribed customer support agents who leaked sensitive user data in exchange for money from cybercriminals.
According to a Reuters investigation, the breach was uncovered when a TaskUs employee was caught photographing her computer screen using a personal device. Further internal investigations revealed that two employees admitted to funneling Coinbase customer data to hackers in return for bribes.
TaskUs informed Coinbase of the breach shortly after confirming it in January, although the incident wasn’t publicly disclosed until May 15, 2025. At that time, Coinbase revealed that rogue overseas agents had abused access to support systems to steal customer data, including:
- Full names and email addresses
- Partial financial details and Social Security numbers
- Transaction histories
- Scanned identification documents
Extortion Attempt and Fallout
The threat actors reportedly demanded a $20 million ransom to prevent the public release of the stolen data. Coinbase declined to pay and instead offered an equivalent reward for information identifying the extortionists. The company estimated potential losses of up to $400 million related to the incident.
On May 21, Coinbase began notifying approximately 70,000 customers affected by the data breach.
TaskUs Responds
TaskUs confirmed its involvement in the incident, stating that the breach was part of a broader and coordinated criminal campaign that may have targeted multiple service providers. In a statement to BleepingComputer, TaskUs said:
“We identified two individuals who illegally accessed client data and believe they were recruited by a larger criminal group. We immediately reported the breach, terminated the individuals, and ceased all Coinbase operations in Indore, India.”
The shutdown impacted 226 employees, most of whom were offered a generous severance package, including six months' pay. The company’s actions followed local media coverage in India, where the mass termination led to employee protests.
Broader Implications
This incident underscores the growing risks associated with insider threats and third-party vendor vulnerabilities, especially in high-stakes industries like cryptocurrency. Coinbase and TaskUs are now coordinating with law enforcement as investigations continue.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
