Inside the Heist: How Teen Hackers Exploited an Indian Call Center to Drain Coinbase Accounts
Forget Hollywood scripts—this breach was real, reckless, and alarmingly simple. A group of minors turned social engineering into a digital smash-and-grab, targeting one of crypto’s biggest names.
How they did it: The teens impersonated Coinbase support staff through a third-party call center, bypassing 2FA like it was a turnstile. No zero-day exploits, no dark web malware—just old-fashioned manipulation with a crypto twist.
The fallout: While Coinbase’s PR team scrambled to call it ’an isolated incident,’ the attack exposed the industry’s weakest link: human operators. Another reminder that in crypto, your assets are only as secure as the worst-trained contractor handling your support ticket.
Closing thought: Maybe decentralized finance should start by decentralizing its customer service—before the next teen ’genius’ does it for them.
TaskUs and the Indore Connection
The call center in question wasn’t run by Coinbase directly. It was operated by TaskUs, a Texas-based outsourcing company that’s been handling Coinbase’s customer service since 2017.
As per TaskUs’ own filings, the company has been providing overseas support staff to Coinbase for years — a cost-saving arrangement that, it turns out, had serious security gaps.
In January 2025, just weeks after Coinbase discovered the breach, TaskUs laid off 226 employees from its Indore facility. Officially, the layoffs weren’t linked to the hack. Unofficially, the timing tells a different story.
TaskUs later admitted that two employees had illegally accessed client data, and suggested the breach was part of a wider, coordinated campaign that targeted multiple service providers. Coinbase wasn’t the only company affected, but it may have been the hardest hit.
Low Wages, High Risk
Agents at the Indore center were reportedly making between $500 and $700 a month — enough to make bribery tempting. These agents weren’t supposed to have DEEP access, but the nature of their job, responding to customer inquiries and account issues, gave them just enough access to be dangerous.
Once the hackers had internal records, they didn’t need to hack anything else. They reached out to customers, posed as support staff, and persuaded them to hand over their crypto funds. It was all done through conversation, over the phone, on Telegram, and via email.
These weren’t amateur phishing attempts either. Investigators say the attackers spoke in fluent, accentless English, making it difficult for victims to suspect anything. Some of them even attempted to blackmail Coinbase, demanding money in exchange for keeping the breach quiet.
Fallout Begins
Coinbase responded by offering a $20 million bounty for information that could lead to those behind the attack. Meanwhile, a class-action lawsuit has been filed in New York, accusing TaskUs of negligence in safeguarding user data.
TaskUs says it’s committed to improving security and has dismissed the claims as “without merit.” But in India’s booming BPO industry, the incident is being seen as a cautionary tale.
As global tech companies continue to offshore customer support, questions are growing about how well-protected user data really is, especially when agents are underpaid, undertrained, and easily targeted.
Bigger Than Just Coinbase
This isn’t the first time Indian call centers have been used to target global users, but the scale of this breach — and the fact that it involved a publicly listed company — makes it a turning point. It also signals how vulnerable the backend operations of major tech firms have become.
For now, the identity of the teenage hackers remains unclear, though some evidence points to a loosely organized group known for social engineering scams. What’s certain is this: no amount of encryption or blockchain security can protect a system from people on the inside being bought off.
And in this case, the inside happened to be a support desk in Indore, answering emails for one of the biggest crypto exchanges in the world.
Also Read: Coinbase to Offer 24/7 XRP, solana Futures to US Institutional Traders
