- 1
- 0
The cryptocurrency exchange Coinbase has found itself at the center of a data leak scandal, with informed sources claiming that the company's management knew about the incident as early as January 2025. The leak occurred through an Indian contractor, TaskUs, and the scale of the damage is estimated at up to $400 million. The circumstances of the incident shed light on the shortcomings in the exchange's security system and raise questions about the transparency of its actions.
The key moment in the leak was the activities of a TaskUs employee in the Indian city of Indore. According to five former employees of the company, she took pictures of her work computer screen with her personal phone. According to statements by three of them and another source, the information from these pictures could have been transferred to hackers for a monetary reward. It is assumed that she did not act alone - she had an accomplice who was also involved in the transfer of Coinbase client data.
A source familiar with the internal investigation claims that Coinbase was notified of the incident immediately. Despite this, the company only officially acknowledged the breach on May 14 in a filing with the U.S. Securities and Exchange Commission (SEC), which said it only realized it was part of a larger campaign after receiving a ransom demand on May 11. The report also said contractors had accessed internal data “without a business need” in “previous months,” but did not say whether this was related to the already known breach.
The connection between the incident and TaskUs was confirmed by a lawsuit filed in Manhattan federal court last week, which for the first time named the outsourcing company in particular. But details now revealed by Reuters make the situation more alarming, highlighting the gap between what actually happened and what was publicly acknowledged.
According to former TaskUs employees, the breach was followed by a massive purge, with more than 200 workers fired, which has caused a stir in the Indian media. Despite this, Coinbase has long limited itself to general language in its public communications, speaking of “support from foreign agents.”
In a statement to Reuters, Coinbase representatives emphasized that the company allegedly “recently” discovered the incident and has already taken action — severing ties with TaskUs employees and other foreign agents involved, and strengthening internal controls. However, the names of other contractors involved were not disclosed.
In turn, TaskUs confirmed that it did fire two employees earlier this year for illegally accessing information of an unnamed client. The company claims that the two were likely recruited as part of a larger, coordinated criminal campaign targeting not only Coinbase, but also other service providers associated with the same client.
A source familiar with the matter confirmed that it was Coinbase and that the events took place in January. This casts doubt on the theory that the company only learned of the scale of the incident in May, after receiving blackmail. Such a delay in public recognition could have legal and regulatory implications.
This incident is not an isolated case in the world of cryptocurrency exchanges. Similar security issues have previously occurred at other players in the market, including cases involving API keys and hacks of Indian contractors . It is not yet known whether any charges have been brought or suspects detained. Police in the Indian city of Indore, where the incident occurred, did not provide comment.
The key moment in the leak was the activities of a TaskUs employee in the Indian city of Indore. According to five former employees of the company, she took pictures of her work computer screen with her personal phone. According to statements by three of them and another source, the information from these pictures could have been transferred to hackers for a monetary reward. It is assumed that she did not act alone - she had an accomplice who was also involved in the transfer of Coinbase client data.
A source familiar with the internal investigation claims that Coinbase was notified of the incident immediately. Despite this, the company only officially acknowledged the breach on May 14 in a filing with the U.S. Securities and Exchange Commission (SEC), which said it only realized it was part of a larger campaign after receiving a ransom demand on May 11. The report also said contractors had accessed internal data “without a business need” in “previous months,” but did not say whether this was related to the already known breach.
The connection between the incident and TaskUs was confirmed by a lawsuit filed in Manhattan federal court last week, which for the first time named the outsourcing company in particular. But details now revealed by Reuters make the situation more alarming, highlighting the gap between what actually happened and what was publicly acknowledged.
According to former TaskUs employees, the breach was followed by a massive purge, with more than 200 workers fired, which has caused a stir in the Indian media. Despite this, Coinbase has long limited itself to general language in its public communications, speaking of “support from foreign agents.”
In a statement to Reuters, Coinbase representatives emphasized that the company allegedly “recently” discovered the incident and has already taken action — severing ties with TaskUs employees and other foreign agents involved, and strengthening internal controls. However, the names of other contractors involved were not disclosed.
In turn, TaskUs confirmed that it did fire two employees earlier this year for illegally accessing information of an unnamed client. The company claims that the two were likely recruited as part of a larger, coordinated criminal campaign targeting not only Coinbase, but also other service providers associated with the same client.
A source familiar with the matter confirmed that it was Coinbase and that the events took place in January. This casts doubt on the theory that the company only learned of the scale of the incident in May, after receiving blackmail. Such a delay in public recognition could have legal and regulatory implications.
This incident is not an isolated case in the world of cryptocurrency exchanges. Similar security issues have previously occurred at other players in the market, including cases involving API keys and hacks of Indian contractors . It is not yet known whether any charges have been brought or suspects detained. Police in the Indian city of Indore, where the incident occurred, did not provide comment.