Key Takeaways
- Coinbase was reportedly aware of a significant customer data leak.
- A portion of the breach involved an India-based TaskUs employee who was caught taking photos of sensitive client information on her screen.
- Coinbase said it has severed ties with involved personnel and pledged to reimburse affected customers.
Cryptocurrency exchange Coinbase was aware of a customer data leak that led to the theft of up to $400 million as early as January, according to Reuters, citing people familiar with the matter.
According to sources, part of the breach was linked to an incident involving an India-based employee at the U.S. outsourcing firm TaskUs, who was caught photographing her computer screen with a mobile phone.
Coinbase Allegedly Knew About Leak
Coinbase had previously told the public that “support agents overseas” were to blame for the breach, although they did not disclose when or how it happened.
According to Reuters, former employees said they were briefed on the incident by investigators in January.
The employees added that over 200 TaskUs employees were fired shortly after they were briefed on the incident, which sparked media attention across India.
The involvement of TaskUs in the breach was previously mentioned in a May SEC filing, but key details of the incident were not included.
Coinbase told Reuters they only realized the employee’s actions were part of the wider breach after receiving the extortion demand on May 11.
Conflicting Statements
A source told Reuters that the illegal photography incident occurred in January, with Coinbase as the client.
However, Coinbase told Reuters in a statement that the incident had only been recently discovered.
It added that it had “cut ties with the TaskUs personnel involved and other overseas agents and tightened controls.”
TaskUs said two employees had been fired earlier this year after illegally accessing information from a client.
It is unclear if any arrests have been made.
In a statement to CCN, a TaskUs spokesperson said: “Early this year we identified two individuals who illegally accessed information from one of our clients.
“We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.
“We immediately reported this activity to the client, terminated the individuals involved, and are coordinating with law enforcement.”
TaskUs added that they ceased operations with Coinbase in Indore, India, in early January 2025 “out of an abundance of caution,” impacting 226 employees.
“Following the investigation, all teammates, excluding the two bad actors, were offered a generous severance package, including six months of pay,” the spokesperson told CCN.
Adding: “We place the highest priority on safeguarding the data of our clients and their customers and continue to strengthen our global security protocols and training programs, including by investing millions of additional dollars in physical and information security.”
Ransom Demand Rejected
The information was revealed after Coinbase CEO Brian Armstrong took to X to speak directly to the hackers and affected customers.
“No, we are not going to be paying your ransom,” Armstrong said after hackers demanded $20 million in exchange for not releasing the data.
Armstrong emphasized the company’s commitment to transparency and said the breach had occurred through hackers targeting overseas support staff.
The CEO did not explain how long the company had known about the breach.
Armstrong clarified that no passwords, private keys, or customer funds were accessed in the breach.
However, he confirmed that support staff can access sensitive personal information, including names, birthdates, and addresses.
This allowed the attackers to carry out social engineering attacks, impersonating customer service agents to deceive users into transferring funds.
Coinbase has pledged to reimburse customers who were deceived into sending money.
Kurt Robson is a London-based reporter at CCN, specialising in the fast-moving worlds of crypto and emerging technology. He began his career covering local news in Cornwall after graduating from Falmouth University with First Class Honours in Journalism. There, he cut his teeth on everything from council meetings to missing swans.
He quickly rose through the ranks to become a frontline journalist at several of the UK’s leading national newspapers. Over the years, he has interviewed musicians and celebrities, reported from courtrooms and crime scenes, and secured multiple front-page exclusives.
Following the upheaval of the COVID-19 pandemic, Kurt shifted his focus to technology journalism—just ahead of the AI boom. With a natural curiosity and a trained eye for emerging trends, he has found a new rhythm in reporting on innovation.
At CCN, Kurt's work focuses on the cutting edge of crypto, blockchain, AI, and the evolving digital world. Drawing on his background in people-first reporting and his deep interest in disruptive tech, Kurt delivers stories that are insightful, entertaining, and human-centric.
