Coinbase Sat on Vendor Hack Risk for Months—Customer Data Left in the Crosshairs
Behind the glossy facade of crypto’s ’most trusted’ exchange, a ticking time bomb went ignored. Internal alarms blared for months before Coinbase fessed up to a vendor breach exposing user data—because nothing says ’security-first’ like letting customers twist in the wind.
When transparency moves at the speed of a compliance department covering its ass, maybe your funds really are safer under the mattress. Just don’t tell the VCs.
Mass Firing at TaskUs Follows Breach Tied to Coinbase Hack
The woman and a suspected accomplice were accused of selling Coinbase customer data to hackers in exchange for bribes. The breach, which was first made public in a May 14 SEC filing, compromised the information of nearly 70,000 users.
Stolen data included customer names, phone numbers, addresses, ID documents, account balances and transaction history. Internal company documents were also accessed.
More than 200 TaskUs employees were reportedly fired in the aftermath, a mass termination that drew local press coverage in India. TaskUs confirmed that two employees were dismissed early in the year for illegally accessing client data, though the company did not name Coinbase.
Coinbase is facing at least six class-action lawsuits after a major data breach involving bribed overseas support staff.#coinbase #lawsuithttps://t.co/d8dVrvb7zF
Coinbase Cut Ties With Overseas Agents After Vendor Breach
Coinbase, in its May SEC filing, admitted that contractors had accessed internal employee data without a business need in “previous months.” However, it said the breach only became apparent after it received an extortion demand on May 11.
The hackers allegedly demanded $20m in exchange for not leaking the stolen data. Coinbase refused to pay the ransom and instead announced a $20m bounty for information leading to those responsible.
In response, Coinbase said it terminated the TaskUs personnel involved, cut ties with other overseas agents, and implemented tighter controls. It has not publicly named the other foreign agents implicated.
The data breach, which began with unauthorized access in Dec. 2024, shows growing concerns over the security of outsourced customer support operations. Coinbase has estimated the financial fallout from the incident could fall between $180m and $400m.
The exchange is now dealing with investor lawsuits alleging they incurred substantial losses and damages because of the company’s misleading statements.
