Overview
- CEO Brian Armstrong said on Dec. 26 that Hyderabad police detained a former customer service agent and signaled more arrests are likely.
- Coinbase disclosed in May 2025 that bribed overseas support agents enabled the December 2024 theft of customer records, affecting about 69,461 people.
- The breach, routed through outsourcing vendor TaskUs, involved a small number of employees; TaskUs says two individuals were implicated and the affected department was shut.
- Exposed data included names, addresses, phone numbers, emails, images of government IDs, masked SSNs and some bank/account details, but not 2FA codes, private keys or direct wallet access.
- Attackers demanded a $20 million ransom that Coinbase refused; the company instead announced a $20 million reward fund, and a separate Brooklyn impersonation case was charged but is not linked to the insider scheme.