Coinbase reportedly became aware of a customer data breach linked to its third-party contractor TaskUs as early as January—months before publicly disclosing the incident—according to a Reuters report citing six sources familiar with the matter.
The breach, allegedly involving a TaskUs support agent based in India, came to light after the employee was found photographing her computer screen using a mobile phone. According to five former TaskUs staff, the employee and an accomplice are suspected of selling Coinbase user data to hackers in exchange for bribes.
“We immediately reported this activity to the client,” TaskUs told Reuters, stating that two employees were terminated for illegal data access. The company added that the breach appeared to be part of a broader, coordinated campaign targeting Coinbase and other service providers.
Coinbase publicly disclosed the breach in a May 14 filing with the U.S. Securities and Exchange Commission (SEC), followed by a blog post the next day. The company confirmed that attackers accessed user names, physical addresses, masked bank information, and identification documents by compromising support staff though no passwords or funds were stolen.
On May 11, Coinbase received a $20 million ransom demand in Bitcoin, which the company declined, prompting public disclosure. Coinbase stated that threat actors had bribed multiple third-party contractors or internal employees to access sensitive systems. The company said its own security monitoring had already detected unauthorized access “in the previous months.”
Reuters reported that TaskUs a U.S.-based outsourcing firm with over 61,000 employees in 12 countries was tied to at least part of the breach.
“They then tried to extort Coinbase for $20 million to cover this up. We said no,” the company said. In response, CEO Brian Armstrong announced a $20 million bounty for information leading to the attackers’ arrest, stating in a video, “We are not going to pay your ransom.”
Coinbase claimed that fewer than 1% of its users were affected by the incident. The company has since severed ties with TaskUs and other offshore agents involved and says it has strengthened its internal security protocols.
The breach has sparked legal action. On May 22, shareholder Brady Nessler filed a lawsuit in federal court in Pennsylvania, accusing Coinbase of violating securities laws by failing to disclose the breach in a timely manner. The suit also alleges the company concealed prior regulatory issues.
Coinbase’s stock fell 7% following the disclosure but has since recovered, buoyed by its recent addition to the S&P 500 index. At the time of writing, Coinbase stock is trading at $246.72, up 0.98% in the last 24 hours.
