Social Engineering Scam Targets Coinbase Users—Here’s How They Got Duped

Hackers bypassed security protocols by exploiting human psychology—turning Coinbase users into unwitting accomplices.

How it happened: Phishing campaigns, fake support reps, and urgency tactics drained wallets before victims realized they’d been played.

The irony? Crypto’s ‘trustless’ system still hinges on trusting strangers not to impersonate customer service. Stay skeptical, folks—Wall Street’s wolves just wear new collars.

Inside the campaign to exploit Coinbase’s BPO network

Coinbase had long partnered with TaskUs, a Texas-based outsourcing firm, to cut labor costs by assigning customer support duties to offshore teams. Since 2017, TaskUs agents have handled Coinbase customer inquiries, often from countries with lower wages. In Indore, India, those agents reportedly earned between $500 and $700 per month, low enough to attract criminal bribes.

In the company’s May filing, Coinbase admitted that it didn’t know the full scale of the attack until May 11, when it received a $20 million extortion demand. In response, the company severed ties with TaskUs employees responsible for the breach as well as with some other unnamed foreign contractors. Coinbase also said it had notified regulators, reimbursed affected users, and strengthened its internal controls.

In its public statement, TaskUs acknowledged firing two staff for data theft but did not name Coinbase. The company said the two were part of a coordinated criminal campaign that had hit other service providers tied to the client.

Hackers used social engineering to trick Coinbase users

Coinbase’s crypto wallets were not directly breached in the attack. Instead, hackers used the stolen personal information to impersonate Coinbase employees in a wave of social engineering scams. They would pretend to be support agents, tricking victims into moving their crypto assets.

Security researchers believe a loosely organized group known as “the Comm” orchestrated the breach. The group comprises young hackers experienced in conducting high-profile attacks, with one of its hits being casinos and crypto firms.

A report by Fortune also stated that the hackers had different roles for their members—some bribed insiders to steal data while others executed the scams. Social media platforms such as Telegram and Discord were used to coordinate operations and split the proceeds.

The impersonation schemes, investigators noted, were more effective as those targeting Coinbase customers spoke in fluent North American English. Scammers were able to leverage the stolen info to appear credible enough to get users to turn over their crypto.

Even after the breach, Coinbase is ramping up its operations. The company recently added to the S&P 500 index and recently made a strategic acquisition announcement. CEO Brian Armstrong said he still plans to make Coinbase a leading global financial services app within the next 10 years.

The Coinbase attack comes amid major growth in crypto hacks that have exceeded $2.2 billion by 2024, Chainalysis reports, highlighting the perils of outsourcing and attackers’ increased digital sophistication.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot