A not too long ago disclosed data breach at Coinbase has been linked to India-based buyer assist representatives from outsourcing agency TaskUs, who menace actors bribed to steal knowledge from the crypto alternate.
In line with Reuters, who spoke to quite a few TaskUs staff, the data breach was first found in January after a TaskUs worker was caught capturing photographs of her laptop display utilizing a private system.
Reportedly, the incident was witnessed by a number of TaskUs staff, and throughout the subsequent investigations, two admitted they had been funneling delicate Coinbase consumer knowledge to exterior hackers in alternate for bribes.
Upon confirming the info theft in January 2025, TaskUs knowledgeable Coinbase accordingly, 4 months earlier than the breach was publicly disclosed.
Coinbase first disclosed the incident on Might 15, stating that rogue assist brokers stole buyer knowledge, together with names, emails, partial monetary info and SSN, transaction historical past, and ID doc scans.
“Cyber criminals bribed and recruited a gaggle of rogue abroad assist brokers to steal Coinbase buyer knowledge to facilitate social engineering assaults. These insiders abused their entry to buyer assist programs to steal the account knowledge for a small subset of consumers,” learn Coinbase’s assertion.
Coinbase additional said that the menace actors demanded a ransom fee of $20,000,000 from Coinbase to not publish the stolen knowledge.
As an alternative of succumbing to the calls for, the cryptocurrency alternate supplied an equal-value reward to unmask these answerable for the extortion try. Coinbase estimated that the incident would trigger losses of as much as $400 million.
On Might 21, Coinbase began notifying almost 70,000 clients who had been impacted by the incident.
BleepingComputer contacted each Coinbase and TaskUs concerning the Reuters report, and a TaskUs spokesperson confirmed that they had been concerned however said the staff had been recruited as a part of a a lot bigger, coordinated legal marketing campaign.
“Early this yr we recognized two people who illegally accessed info from one in all our shoppers,” TaskUs advised BleepingComputer.
“We consider these two people had been recruited by a much wider, coordinated legal marketing campaign towards this consumer that additionally impacted quite a lot of different suppliers servicing this consumer.”
“We instantly reported this exercise to the consumer, terminated the people concerned, and are coordinating with legislation enforcement. Out of an abundance of warning, TaskUs ceased all Coinbase operations in Indore, India, in early January 2025, impacting 226 teammates. Following the investigation, all teammates, excluding the 2 unhealthy actors, had been supplied a beneficiant severance package deal, together with six months of pay.”
Indian media beforehand lined TaskUs’ firing of staff in India, which led to protests by employees.
Coinbase has not responded to BleepingComputer’s request for a remark.
Handbook patching is outdated. It is gradual, error-prone, and difficult to scale.
Be part of Kandji + Tines on June 4 to see why previous strategies fall quick. See real-world examples of how fashionable groups use automation to patch quicker, reduce danger, keep compliant, and skip the advanced scripts.
