
Cryptocurrency exchange Coinbase has found itself at the center of a data breach scandal, with sources claiming that the company’s leadership was aware of the incident as early as January 2025. The breach was traced to TaskUs, an Indian contractor, and the estimated impact could reach up to $400 million. The circumstances surrounding the event expose critical flaws in the exchange’s security infrastructure and raise pressing questions about its commitment to transparency.
At the heart of the breach was the conduct of a TaskUs employee based in Indore, India. According to five former company employees, she had been photographing her computer screen with a personal mobile phone. Three of these individuals, along with an additional source, allege that the captured images were passed to hackers in exchange for financial compensation. It is believed she was not acting alone and that an accomplice was also involved in the illicit transmission of Coinbase customer data.
A source familiar with the internal investigation stated that Coinbase was immediately notified of the breach. Nonetheless, the company only officially disclosed the data compromise on May 14 in a report to the U.S. Securities and Exchange Commission (SEC), claiming that it recognized the incident as part of a broader extortion campaign only after receiving a ransom demand on May 11. The report also noted that contractors had accessed internal data in “recent months” without business justification, though it stopped short of explicitly connecting this to the already known leak.
The link to TaskUs was formally established in a lawsuit filed last week in Manhattan federal court, where the outsourcing firm was named for the first time. However, newly uncovered details reported by Reuters paint an even graver picture and highlight a growing disconnect between the actual timeline of events and Coinbase’s public narrative.
Former TaskUs employees revealed that, following the breach, the company initiated a sweeping internal purge—terminating over 200 employees, an action that reverberated across Indian media. Despite this, Coinbase’s public statements remained vague, attributing the breach to “foreign agents” without specifying their identities.
In a statement to Reuters, Coinbase claimed it had only “recently” become aware of the breach and had already taken corrective measures, including severing ties with the implicated TaskUs employees and other foreign contractors, as well as tightening internal controls. However, it declined to name any additional firms involved.
TaskUs, for its part, confirmed that it had dismissed two employees earlier in the year for unauthorized access to client data, though the client’s identity was not disclosed. The company’s representatives suggested that the two individuals may have been recruited as part of a broader, coordinated criminal campaign targeting not only Coinbase but also other service providers linked to the same client.
A well-placed source confirmed that the client in question was indeed Coinbase and that the incident had taken place in January—casting serious doubt on the company’s claim that it only understood the extent of the breach after the ransom note in May. Such a delay in public acknowledgment could carry significant regulatory and legal consequences.
This incident is not an isolated case in the cryptocurrency exchange sector. Similar security lapses have plagued other market players, including cases involving compromised API keys and breaches through Indian subcontractors. At present, it remains unclear whether any suspects have been formally charged or detained. Authorities in Indore, the city where the breach occurred, have declined to comment.