69,000 Users Affected by Indian Outsourcing Leak

Coinbase is under heightened scrutiny following revelations that it may have known as early as January 2025 about a massive breach involving outsourced customer support agents, months before the crypto exchange publicly acknowledged the security lapse.

Sources familiar with the situation disclosed that the breach stemmed from an India-based employee at TaskUs, a US outsourcing firm long contracted by Coinbase.

The individual was reportedly caught covertly photographing her workstation and, along with an alleged accomplice, funneling sensitive customer information to cybercriminals in exchange for bribes. The incident triggered the termination of over 200 TaskUs employees in Indore, in what now appears to be a coordinated criminal infiltration of Coinbase’s support infrastructure.

Delayed Breach Disclosure

Although Coinbase later tied its $400 million loss to “support agents overseas,” the company waited until a May SEC filing, triggered by a ransom demand, to fully acknowledge the scope of the incident.

The breach was not limited to a single rogue actor. According to internal accounts, it was part of a broader campaign that also targeted other BPO firms servicing Coinbase.

The compromised data, which impacted more than 69,000 customers, was reportedly not sufficient to access Coinbase’s internal wallets but did let scammers convincingly impersonate Coinbase agents and socially engineer customers out of their crypto holdings.

While Coinbase says it has reimbursed affected users, questions linger over the company’s timeline and transparency.

TaskUs Accused of Negligence

A class-action lawsuit now accuses TaskUs of negligence, suggesting the BPO provider failed to enforce appropriate data safeguards. TaskUs, however, denied the charge.

Despite their assurances of strong training and security protocols, the incident raises deeper concerns about the vulnerabilities embedded in outsourcing sensitive customer interactions to low-wage, offshore workers. These workers, while cost-efficient, are often underpaid and undertrained. These conditions may have made them vulnerable to external coercion.

Coinbase insists it acted decisively upon discovering the fraud, and cut ties with implicated agents as well as revamping its security measures. Despite this, the timeline points to potential lapses in internal threat detection and risk governance, particularly given that Coinbase’s own filings revealed unauthorized access occurring in “previous months.”