A not too long ago disclosed knowledge breach at Coinbase has been linked to India-based buyer assist representatives from outsourcing agency TaskUs, who risk actors bribed to steal knowledge from the crypto alternate.
In response to Reuters, who spoke to quite a few TaskUs workers, the info breach was first found in January after a TaskUs worker was caught capturing images of her pc display utilizing a private machine.
Reportedly, the incident was witnessed by a number of TaskUs workers, and through the subsequent investigations, two admitted they have been funneling delicate Coinbase person knowledge to exterior hackers in alternate for bribes.
Upon confirming the info theft in January 2025, TaskUs knowledgeable Coinbase accordingly, 4 months earlier than the breach was publicly disclosed.
Coinbase first disclosed the incident on Might 15, stating that rogue assist brokers stole buyer knowledge, together with names, emails, partial monetary data and SSN, transaction historical past, and ID doc scans.
“Cyber criminals bribed and recruited a bunch of rogue abroad assist brokers to steal Coinbase buyer knowledge to facilitate social engineering assaults. These insiders abused their entry to buyer assist programs to steal the account knowledge for a small subset of consumers,” learn Coinbase’s assertion.
Coinbase additional acknowledged that the risk actors demanded a ransom fee of $20,000,000 from Coinbase to not publish the stolen knowledge.
As an alternative of succumbing to the calls for, the cryptocurrency alternate supplied an equal-value reward to unmask these answerable for the extortion try. Coinbase estimated that the incident would trigger losses of as much as $400 million.
On Might 21, Coinbase began notifying practically 70,000 clients who have been impacted by the incident.
BleepingComputer contacted each Coinbase and TaskUs concerning the Reuters report, and a TaskUs spokesperson confirmed that they have been concerned however acknowledged the workers have been recruited as a part of a a lot bigger, coordinated felony marketing campaign.
“Early this 12 months we recognized two people who illegally accessed data from one among our shoppers,” TaskUs informed BleepingComputer.
“We imagine these two people have been recruited by a wider, coordinated felony marketing campaign towards this shopper that additionally impacted a lot of different suppliers servicing this shopper.”
“We instantly reported this exercise to the shopper, terminated the people concerned, and are coordinating with legislation enforcement. Out of an abundance of warning, TaskUs ceased all Coinbase operations in Indore, India, in early January 2025, impacting 226 teammates. Following the investigation, all teammates, excluding the 2 dangerous actors, have been supplied a beneficiant severance bundle, together with six months of pay.”
Indian media beforehand lined TaskUs’ firing of workers in India, which led to protests by employees.
Coinbase has not responded to BleepingComputer’s request for a remark.
Guide patching is outdated. It is sluggish, error-prone, and hard to scale.
Be part of Kandji + Tines on June 4 to see why outdated strategies fall quick. See real-world examples of how trendy groups use automation to patch sooner, lower threat, keep compliant, and skip the advanced scripts.
