Cryptocurrency exchange Coinbase is under scrutiny following revelations that a customer data leak tied to its operations may have originated from India-based employees of outsourcing partner TaskUs, sources familiar with the matter told Reuters.
According to six people with direct knowledge of the situation, Coinbase was made aware of the breach as early as January 2025—months before publicly disclosing the incident in a May 14 SEC filing. The breach, which may cost the company up to $400 million, was partly triggered by an employee in Indore, India, who allegedly photographed customer data from her work computer using a personal smartphone.
Allegations of Internal Bribery
Sources said the woman and a suspected accomplice may have been passing sensitive Coinbase customer data to hackers in exchange for bribes. At least three former TaskUs employees and one other individual familiar with internal investigations confirmed that Coinbase was alerted immediately following the incident.
As the investigation widened, more than 200 TaskUs employees were reportedly terminated in a mass layoff, an event that drew significant media coverage in India.
Coinbase Responds
In its SEC filing, Coinbase stated that while it had been aware of unauthorized contractor access to internal data “without business need” in recent months, it only realized the full scope of the breach after receiving an extortion threat on May 11.
In a statement issued to Reuters on Wednesday, Coinbase confirmed the breach and said it had since severed ties with the implicated TaskUs personnel and other overseas agents, while also implementing stricter internal controls. The company did not name any of the additional foreign agents involved.
TaskUs Issues Statement
In response, TaskUs confirmed that two employees were terminated earlier this year after they illegally accessed sensitive client information. While the client was not named, the company added that the breach appeared to be part of a “broader, coordinated criminal campaign” targeting multiple service providers for the same client.
“We immediately reported this activity to the client,” said TaskUs in its official statement.
Broader Implications
The breach raises critical concerns about data security in outsourced operations, especially as global tech firms increasingly rely on offshore support teams. It also puts pressure on Coinbase to explain when it first became fully aware of the scope of the breach and what immediate actions were taken.
This incident comes amid a growing wave of cyber threats targeting financial platforms, prompting renewed calls for stricter vendor oversight and transparency in the crypto industry.