“We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice,” Armstrong said wrote on X. “Thanks to the Hyderabad Police in India, an ex-Coinbase customer service representative has just been arrested. One more and more to come.”
The arrest represents an important step in resolving one of the most significant cryptocurrency security incidents of 2025, which is estimated to have cost Coinbase between $180 million and $400 million in damages and affected nearly 70,000 users.
The bribery scheme in which customer data was made public
The security breach officially occurred on December 26, 2024, when cybercriminals successfully obtained user credentials through bribed offshore customer service representatives. However, the insider theft began months earlier, involving employees of TaskUs, a Texas-based business process outsourcing company that provided customer support for Coinbase from its operations in India.
According to court documentsthe criminals targeted TaskUs agents in Indore and offered bribes of up to $2,500 per person to gain access to Coinbase’s internal systems. The stolen information included names, addresses, phone numbers, government-issued IDs, partial Social Security numbers and masked bank account numbers.
Coinbase started noticing suspicious activity as early as January 2025, but the full extent of the breach wasn’t discovered until May 11, 2025, when hackers contacted the company and demanded a $20 million ransom. The exchange refused to pay the ransom and instead launched a corresponding $20 million bounty program for information leading to arrests and convictions.
Source: @brian_armstrong
A filing with the Maine Attorney General showed that 69,461 users were affected, representing less than 1% of Coinbase’s monthly active users.
The TaskUs employee at the Center
In court, Ashita Mishra, an employee of TaskUs’ Indore office, was identified as a key figure in the scheme. From September 2024, Mishra allegedly used her phone to photograph sensitive customer data directly from her work computer, taking up to 200 photos per day.
The stolen information was sold to hackers for $200 per image. By the time authorities arrested Mishra in January 2025, her personal device reportedly contained data on more than 10,000 Coinbase customers.
Investigators also allege that Mishra recruited other TaskUs employees, including supervisors and team leaders, turning what started as individual theft into a coordinated conspiracy. TaskUs fired 226 Coinbase-related employees from its Indore facility in January 2025 after discovering the breach.
Financial impact and security response
Coinbase reported $307 million in breach-related costs during its second-quarter results, including remediation efforts and refunds to affected customers. The company is facing multiple shareholder class action lawsuits over delayed disclosure of the breach.
In response to the incident, Coinbase has implemented stricter security measures. The exchange ended its relationship with TaskUs and tightened controls on suppliers. The company also opened a new customer service facility in Charlotte, North Carolina, to reduce its reliance on foreign workers.
All new employees are now required to undergo in-person training in the United States. Employees who handle sensitive systems are required to be U.S. citizens and provide fingerprints as part of enhanced security protocols designed to prevent similar insider threats.
Separate phishing case in Brooklyn
The arrest in India comes just a week after prosecutors in Brooklyn accused 23-year-old Ronald Spektor of stealing $16 million from about 100 Coinbase users through a separate phishing scheme. Spektor allegedly posed as a representative of Coinbase between April 2023 and December 2024, convincing victims that their accounts were at risk and persuading them to transfer cryptocurrency to the wallets he controlled.
The Brooklyn case resulted in 31 criminal charges, including first-degree grand larceny and money laundering. Authorities recovered approximately $105,000 in cash and $400,000 in cryptocurrency related to that scheme.
Which data has actually been compromised
Although the breach exposed significant personal information, Coinbase has emphasized that certain critical security elements remained protected. The attackers did not obtain passwords, private keys, seed phrases, or direct access to customer cryptocurrency holdings.
However, the stolen data still poses a risk to affected users. Criminals can use the information for targeted phishing attacks and social engineering schemes. Coinbase has offered affected customers a year of free identity theft protection and credit monitoring.
The company has refunded customers who lost money to scams using the stolen information and continues to work with international law enforcement agencies to track stolen assets and pursue more suspects.
The path forward
The arrest in Hyderabad demonstrates the growing cooperation between cryptocurrency companies and international law enforcement agencies in combating cybercrime. Coinbase has been working closely with authorities in both India and the United States, including the Brooklyn District Attorney’s Office, to identify individuals involved in various schemes targeting the exchange.
The timing of the arrest is notable as it follows Coinbase’s recent return to the Indian market after nearly two years of regulatory challenges. The exchange has expanded its global operations while strengthening security measures to prevent future breaches.
As Armstrong’s announcement suggests with the phrase “more to come,” the investigation remains active and more suspects are being pursued. The case highlights the ongoing challenge cryptocurrency exchanges face in securing outsourced operations and protecting customer data from insider threats.
Closing the security gap
The Coinbase breach is a reminder that even major cryptocurrency platforms remain vulnerable to low-tech attacks that exploit human weaknesses rather than technical flaws. The criminals did not hack into firewalls or exploit software vulnerabilities; they simply found employees willing to accept bribes for access to sensitive data. As the industry continues to grow and attract institutional investors, addressing insider threats through better control, monitoring and international law enforcement cooperation has become as critical as securing blockchain technology itself.
#Coinbase #CEO #Announces #Arrest #India #Insider #Data #Breach #Brave #Coin