Coinbase was aware of a data breach involving its third-party contractor TaskUs as early as January 2025, months before it publicly disclosed the incident. The breach stemmed from a support agent in India who was allegedly leaking customer information for bribes, leading to a $20 million ransom demand from hackers. TaskUs confirmed the termination of employees involved and claimed the breach was part of a wider scheme targeting multiple service providers. Coinbase officially reported the breach in May, stating that it affected less than 1% of its users and involved customer names, addresses, and some identification documents. No financial accounts or passwords were compromised. Following the disclosure, Coinbase saw a decline in stock prices, resulting in a shareholder lawsuit for failing to promptly reveal the breach and previous regulatory issues. In response to the ransom threat, Coinbase refused payment and initiated a bounty for information on the attackers.

Source đź”—