Indian legislation enforcement has arrested a former Coinbase customer support agent in Hyderabad, marking the primary arrest related to the cryptocurrency trade’s huge information breach disclosed earlier this 12 months.
CEO Brian Armstrong introduced the event on December 26, 2024, signaling that extra arrests are anticipated.
“We’ve got zero tolerance for unhealthy conduct and can proceed to work with legislation enforcement to convey unhealthy actors to justice,” Armstrong wrote on X. “Because of the Hyderabad Police in India, an ex-Coinbase customer support agent was simply arrested. One other one down and extra nonetheless to return.”
The arrest represents a significant step in resolving one in every of 2025’s most vital cryptocurrency safety incidents, which has value Coinbase an estimated $180 million to $400 million in damages and affected practically 70,000 customers.
The Bribery Scheme That Uncovered Buyer Information
The safety breach formally occurred on December 26, 2024, when cybercriminals efficiently obtained consumer information by way of bribed offshore customer support representatives. Nevertheless, insider theft exercise started months earlier, with the scheme involving workers at TaskUs, a Texas-based enterprise course of outsourcing agency that dealt with buyer help for Coinbase from its operations in India.
In response to court documents, the criminals focused TaskUs brokers in Indore, providing bribes as much as $2,500 per individual to entry Coinbase’s inner methods. The stolen info included names, addresses, cellphone numbers, government-issued IDs, partial Social Safety numbers, and masked checking account numbers.
Coinbase started noticing suspicious exercise as early as January 2025 however the full extent of the breach wasn’t found till Could 11, 2025, when hackers contacted the corporate demanding a $20 million ransom. The trade refused to pay the ransom and as an alternative launched an identical $20 million bounty program for info resulting in arrests and convictions.
Supply: @brian_armstrong
A submitting with the Maine Legal professional Normal’s Workplace revealed that 69,461 customers have been affected, representing lower than 1% of Coinbase’s month-to-month lively customers.
The TaskUs Worker on the Heart
Courtroom filings recognized Ashita Mishra, an worker at TaskUs’s Indore workplace, as a key determine within the scheme. Starting in September 2024, Mishra allegedly used her cellphone to {photograph} delicate buyer information instantly from her work pc, taking as much as 200 pictures per day.
The stolen info was bought to hackers for $200 per picture. By the point authorities arrested Mishra in January 2025, her private system reportedly contained information on greater than 10,000 Coinbase prospects.
Investigators additionally declare Mishra recruited different TaskUs workers, together with supervisors and staff leaders, remodeling what began as particular person theft right into a coordinated conspiracy. TaskUs laid off 226 Coinbase-related employees from its Indore facility in January 2025 following the invention of the breach.
Monetary Influence and Safety Response
Coinbase reported $307 million in breach-related prices throughout its second-quarter earnings, masking remediation efforts and reimbursements to affected prospects. The corporate faces a number of shareholder class motion lawsuits alleging delayed disclosure of the breach.
In response to the incident, Coinbase has implemented stricter safety measures. The trade terminated its relationship with TaskUs and tightened vendor controls. The corporate additionally opened a brand new customer support facility in Charlotte, North Carolina, to cut back reliance on abroad employees.
All new workers now should full coaching in individual in america. Staff dealing with delicate methods have to be U.S. residents and supply fingerprints as a part of enhanced safety protocols designed to forestall related insider threats.
Separate Phishing Case in Brooklyn
The India arrest comes only one week after Brooklyn prosecutors charged Ronald Spektor, 23, with stealing $16 million from roughly 100 Coinbase customers by way of a separate phishing scheme. Spektor allegedly posed as a Coinbase consultant between April 2023 and December 2024, convincing victims their accounts have been in danger and persuading them to switch cryptocurrency to wallets he managed.
The Brooklyn case resulted in 31 felony prices, together with first-degree grand larceny and cash laundering. Authorities have recovered roughly $105,000 in money and $400,000 in cryptocurrency related to that scheme.
What Information Was Really Compromised
Whereas the breach uncovered vital private info, Coinbase has emphasised that sure vital safety parts remained protected. The attackers didn’t receive passwords, non-public keys, seed phrases, or direct entry to buyer cryptocurrency holdings.
Nevertheless, the stolen information nonetheless poses dangers for affected customers. Criminals can use the data for focused phishing assaults and social engineering schemes. Coinbase has supplied affected prospects one 12 months of complimentary identity-theft safety and credit score monitoring companies.
The corporate has reimbursed prospects who misplaced funds to scams utilizing the stolen info and continues working with worldwide legislation enforcement to hint stolen property and pursue further suspects.
The Path Ahead
The arrest in Hyderabad demonstrates the rising cooperation between cryptocurrency firms and worldwide legislation enforcement businesses in combating cyber crime. Coinbase has labored intently with authorities in each India and america, together with the Brooklyn District Legal professional’s Workplace, to determine people concerned in numerous schemes concentrating on the trade.
The timing of the arrest is notable because it follows Coinbase’s recent return to the Indian market after practically two years of regulatory challenges. The trade has been increasing its world operations whereas concurrently strengthening safety measures to forestall future breaches.
As Armstrong’s announcement suggests with the phrase “extra nonetheless to return,” the investigation stays lively with further suspects being pursued. The case highlights the continued problem that cryptocurrency exchanges face in securing outsourced operations and defending buyer information from insider threats.
Closing the Safety Hole
The Coinbase breach serves as a stark reminder that even main cryptocurrency platforms stay weak to low-tech assaults that exploit human weaknesses relatively than technical flaws. The criminals didn’t hack by way of firewalls or exploit software program vulnerabilities—they merely discovered workers keen to just accept bribes for entry to delicate information. Because the business continues to develop and appeal to institutional traders, addressing insider threats by way of higher vetting, monitoring, and worldwide legislation enforcement cooperation has turn into as vital as securing blockchain expertise itself.
Sven Luiv Sven Luiv Read More
