In brief
- Coinbase reportedly learned of a data breach tied to outsourcing company TaskUs in January.
- Rogue TaskUs employees have been accused of leaking customer info for bribes.
- Hackers demanded $20 million in Bitcoin from Coinbase; the company refused.

Coinbase was made aware in January of a customer data breach involving its third-party contractor TaskUs, months before publicly disclosing the incident, Reuters reported Monday, citing six sources familiar with the matter.
According to five former TaskUs employees, the breach was traced to an India-based TaskUs support agent who had been photographing her work computer screen with a phone.
The employee and an alleged accomplice were suspected of selling Coinbase user information to hackers in exchange for bribes.
"We immediately reported this activity to the client," TaskUs told Decrypt, adding that it had terminated two employees for illegal access and believed the breach was part of a wider, coordinated campaign targeting Coinbase and other service providers.
"We believe these two individuals were recruited by a much broader, coordinated criminal campaign against [Coinbase] that also impacted a number of other providers servicing this client," TaskUs said. "Out of an abundance of caution, TaskUs ceased all Coinbase operations in Indore, India, in early January 2025, impacting 226 teammates. Following the investigation, all teammates, excluding the two bad actors, were offered a generous severance package, including six months of pay."
With over 61,000 employees across 12 countries, the U.S. outsourcing firm also said it places the "highest priority on safeguarding the data" of its clients and their customers.
Decrypt has approached Coinbase for comment.

Coinbase disclosed the breach in an SEC filing on May 14 and followed up with a blog post on May 15.
The company said hackers obtained customer names, addresses, masked bank details, and identity documents via compromised support staff. No funds or passwords were taken. On May 11, Coinbase received a $20 million Bitcoin ransom demand, prompting it to go public with the information.
It additionally said that the threat actor had obtained the information by paying multiple contractors or employees in support roles for information from internal Coinbase systems and that “these instances of such personnel accessing data without business need were independently detected by the Company’s security monitoring in the previous months.”
Reuters reported that at least part of the breach was linked to TaskUs.
“They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company wrote.
CEO Brian Armstrong responded by offering a $20 million bounty for information leading to the arrest of the attackers. “We are not going to pay your ransom,” he said in a video statement.

The company said the breach affected less than 1% of its users. Coinbase has since cut ties with TaskUs and other overseas agents involved in the incident and claims to have strengthened internal controls.
The breach sparked a shareholder lawsuit filed May 22 in federal court in Pennsylvania. Investor Brady Nessler accused Coinbase of violating securities laws by failing to disclose the breach promptly and alleged the company also concealed prior regulatory issues.
Coinbase’s stock dropped 7% following the disclosure but has since rebounded, bolstered by its inclusion in the S&P 500.
Edited by Sebastian Sinclair
Editor's note: Adds comments from TaskUs