Straight Dope on the Coinbase Data Breach Fiasco
Cryptocurrency platform Coinbase remained silent about a data breach for several months before finally revealing it to the public, as reported by Reuters.
Coinbase found out in January about a customer data breach tied to third-party contractor TaskUs, months before announcing the incident publicly, according to Reuters' latest report. There's a dirty dozen of insiders claiming to know.
So here's what went down, according to shady whispers from some ex-TaskUs employees. An India-based TaskUs support agent was exposed for snapping screenshots of her work computer screen with her smartphone and passing them along. Word on the street is that she and an accomplice were cashing in on bribes from hackers, feeding them Coinbase user details.
TaskUs isn't shying away from the drama. They insist they took immediate action upon discovering the illegal activity, axing the two culprits for their shady shenanigans. They suspect the breach was bigger than just these two, with indications pointing towards wider, more organized criminal activity targeting Coinbase and other service providers.
With over 61,000 employees scattered across 12 countries, TaskUs prides itself on client data protection. Decrypt reached out to Coinbase for comment but hasn't heard back yet.
Coinbase finally owned up to the breach in an SEC filing on May 14 and shared details on their blog the next day. They revealed hackers managed to get their hands on customer names, addresses, masked bank details, and identity documents, all thanks to traitorous support staff. Money or passwords were left untouched.
May 11 saw Coinbase receiving a $20 million Bitcoin ransom demand. They went public with the incident. CEO Brian Armstrong fired back by offering a $20 million bounty for info leading to the crooks' capture. "No way, Jose," he declared in a video statement.
The breach got the legal ball rolling, with a shareholder lawsuit filed on May 22 in Pennsylvania court. Investor Brady Nessler accused Coinbase of breaking securities laws by failing to disclose the breach promptly. He also claimed the company swept past regulatory issues under the rug.
Coinbase's stock took a 7% dive post-admission but has since bounced back, thanks to its induction into the S&P 500.
Your edit team: Sebastian Sinclair
Editor's corner: We've got TaskUs' comments on the matter.
Data Breach Breakdown:
- TaskUs Link: Rumor has it the breach originated from an India-based TaskUs employee, who sold user data in exchange for bribes.
- Prompt Alert: Coinbase was notified promptly about the breach, but the company didn't come clean until May.
- User Data Losses: Customer data lost in the cyber attack encompassed names, addresses, phone numbers, email addresses, and other sensitive information.
- Cost to Coinbase: An estimated $180 million to $400 million in remediation costs and customer reimbursements is what the company is looking at.
- Ransom Note: Hackers demanded $20 million in Bitcoin but were given the boot when Coinbase refused to play ball.
- Outcome: Coinbase cut ties with the shady TaskUs personnel and other overseas agents, and TaskUs laid off over 200 employees in the aftermath.
- TaskUs Defends Actions: Contending the accusations against them, TaskUs asserted that they acted swiftly upon discovery of any illegal activities executed by the culprits, terminating them summarily.
- Bitcoin and Crypto Exchange Involvement: The breach was suspected to be part of an organized crime scheme targeting not only Coinbase but also other crypto exchanges, hinting at a broader underlying issue in the crypto space.
- Regulation and Crime-and-Justice Implications: The incident has sparked discussions about the need for stricter regulations in cryptocurrency, particularly concerning third-party contractors, to minimize such criminal activities.
- Journalistic Follow-Up: In light of the ongoing developments, it's essential to stay informed through trusted general-news sources such as Decrypt, keeping the public apprised of the unfolding story and consequences in the crypto technology industry.