The U.S.-based exchange is facing $307 million in costs related to the data breach.
Indian authorities have arrested a former Coinbase customer service agent in Hyderabad in connection with the exchange’s data breach disclosed earlier this year. The announcement came directly from CEO Brian Armstrong.
“We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice,” Armstrong said in a post on X. “Another one down — and more still to come.”
The security compromise, which Coinbase says began in December 2024, stemmed from a corruption scheme targeting overseas customer support staff. Cybercriminals allegedly paid customer service agents to gain access to internal systems and extract sensitive user information, including full names, residential addresses, phone numbers, and government-issued identification documents.
According to a filing submitted to the Maine Attorney General’s Office, the platform confirmed that 69,461 users were affected by the security incident.
Following the breach, the attackers issued a $20 million ransom demand, which Coinbase rejected. The company instead launched an equivalent reward program, offering financial incentives for information leading to arrests and the recovery of stolen assets.
An investigation by Fortune later linked the incident to customer support agents employed by TaskUs, a Texas-based outsourcing firm with operational hubs in India. TaskUs confirmed it had identified two employees who were allegedly recruited as part of a broader criminal campaign that also targeted other service providers working with Coinbase.
In its second-quarter financial results, Coinbase reported $307 million in breach-related costs, allocated to mitigation efforts and reimbursements for affected customers. The exchange is also facing a shareholder class-action lawsuit alleging that Coinbase failed to disclose the security compromise in a timely manner.
