Former Coinbase support agent detained in India for helping hackers
A former Coinbase customer service agent has been arrested in India for helping attackers steal sensitive customer information from the crypto exchange’s database. The breach was disclosed earlier this year.
Coinbase CEO Brian Armstrong himself revealed the news of the arrest in the Indian city of Hyderabad on the X social platform and said it was expected that more individuals would be detained.
“We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice,” Armstrong said in a X post.
“Another one down and more still to come.”
We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.
undefined Brian Armstrong (@brian_armstrong) December 26, 2025
Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.
The massive breach, which Coinbase said began in December 2024, stemmed from a bribery scheme targeting offshore customer support staff. Crooks paid customer service agents to access internal systems and extract sensitive user data.
Earlier reports stated that at least one part of the breach, publicly disclosed in an SEC filing on May 14th, occurred when an India-based employee of the US outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone.
The woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes. TaskUs was, of course, working with Coinbase in India.
TaskUs employees were allegedly paid $200 per picture to photograph customer information displayed on their computer screens. The bribes generated at least $500,000, a sum equivalent to the annual salaries of more than 100 employees in India.
Coinbase had previously blamed “support agents overseas” for the breach, which it estimated could cost up to $400 million.
The attackers demanded a $20 million ransom, but Coinbase – a major American cryptocurrency exchange and financial services company that enables cryptocurrency trading and provides digital wallet services – refused to pay it.
Instead, the exchange reported $307 million in breach-related costs, offered reimbursements to affected customers, and launched a matching bounty program, offering rewards for information that would lead to arrests and asset recovery.
Coinbase is also facing a shareholder class action lawsuit, which alleges that the company failed to disclose the breach in a timely manner. The stolen information includes names, Social Security numbers, bank details, and transaction histories.
Unlock more exclusive Cybernews content on YouTube.
