Coinbase data breach linked to bribed Indian support staff at TaskUs

A recent data breach at cryptocurrency exchange Coinbase has been traced to bribed customer support agents working for TaskUs, a US-based outsourcing firm with operations in India, according to a Reuters investigation.

The breach, first detected in January 2025, came to light when a TaskUs employee was caught photographing her computer screen with a personal device. An internal probe revealed that two employees had been leaking sensitive Coinbase user data to external hackers in exchange for bribes.

TaskUs promptly notified Coinbase upon confirming the breach, four months before Coinbase publicly disclosed the incident on May 15.

Coinbase revealed that rogue support agents had exfiltrated personal data from a subset of customers, including names, emails, partial financial details, Social Security numbers, transaction history, and scans of identification documents.

“Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the company said at the time. “These insiders abused their access to customer support systems.”

The hackers reportedly demanded a $20 million ransom from Coinbase in exchange for not leaking the stolen data. Coinbase refused to pay, instead offering a matching bounty to identify those behind the attack. The exchange estimated potential losses from the breach could reach $400 million.

On May 21, Coinbase began notifying nearly 70,000 customers affected by the breach.

In response to media inquiries, TaskUs confirmed its involvement, noting the incident was part of a broader criminal campaign. “We identified two individuals who illegally accessed information from one of our clients,” a spokesperson told BleepingComputer. “We believe these individuals were recruited as part of a larger, coordinated criminal campaign.”

TaskUs terminated the implicated employees and shut down its Coinbase operations in Indore, India, in January, affecting 226 staff. While all but the two implicated workers received severance packages, the layoffs sparked protests that were previously reported in Indian media.
