A lately disclosed knowledge breach at Coinbase has been linked to India-based buyer help representatives from outsourcing agency TaskUs, who risk actors bribed to steal knowledge from the crypto alternate.
Based on Reuters, who spoke to quite a few TaskUs workers, the information breach was first found in January after a TaskUs worker was caught capturing images of her laptop display screen utilizing a private machine.
Reportedly, the incident was witnessed by a number of TaskUs workers, and in the course of the subsequent investigations, two admitted they have been funneling delicate Coinbase person knowledge to exterior hackers in alternate for bribes.
Upon confirming the information theft in January 2025, TaskUs knowledgeable Coinbase accordingly, 4 months earlier than the breach was publicly disclosed.
Coinbase first disclosed the incident on Might 15, stating that rogue help brokers stole buyer knowledge, together with names, emails, partial monetary data and SSN, transaction historical past, and ID doc scans.
“Cyber criminals bribed and recruited a bunch of rogue abroad help brokers to steal Coinbase buyer knowledge to facilitate social engineering assaults. These insiders abused their entry to buyer help programs to steal the account knowledge for a small subset of consumers,” learn Coinbase’s assertion.
Coinbase additional acknowledged that the risk actors demanded a ransom fee of $20,000,000 from Coinbase to not publish the stolen knowledge.
As an alternative of succumbing to the calls for, the cryptocurrency alternate supplied an equal-value reward to unmask these answerable for the extortion try. Coinbase estimated that the incident would trigger losses of as much as $400 million.
On Might 21, Coinbase began notifying almost 70,000 prospects who have been impacted by the incident.
BleepingComputer contacted each Coinbase and TaskUs in regards to the Reuters report, and a TaskUs spokesperson confirmed that they have been concerned however acknowledged the staff have been recruited as a part of a a lot bigger, coordinated prison marketing campaign.
“Early this 12 months we recognized two people who illegally accessed data from one in every of our purchasers,” TaskUs advised BleepingComputer.
“We consider these two people have been recruited by a much wider, coordinated prison marketing campaign towards this shopper that additionally impacted numerous different suppliers servicing this shopper.”
“We instantly reported this exercise to the shopper, terminated the people concerned, and are coordinating with regulation enforcement. Out of an abundance of warning, TaskUs ceased all Coinbase operations in Indore, India, in early January 2025, impacting 226 teammates. Following the investigation, all teammates, excluding the 2 unhealthy actors, have been supplied a beneficiant severance bundle, together with six months of pay.”
Indian media beforehand coated TaskUs’ firing of workers in India, which led to protests by employees.
Coinbase has not responded to BleepingComputer’s request for a remark.
Guide patching is outdated. It is sluggish, error-prone, and hard to scale.
Be a part of Kandji + Tines on June 4 to see why previous strategies fall quick. See real-world examples of how trendy groups use automation to patch sooner, minimize danger, keep compliant, and skip the complicated scripts.
