Coinbase Hit by Insider Data Leak and Ransom Demand
Coinbase disclosed on May 15, 2025, a significant data breach affecting sensitive customer information including names, IDs, phone numbers, and addresses. The exchange also revealed that attackers attempted a $20 million ransom-style extortion. However, Reuters reports indicate Coinbase may have been aware of the breach as early as January 2025. In its May SEC filing, Coinbase acknowledged learning about accessed employee data “in previous months” but only understood the full scale after receiving the extortion demand.
Source of the Breach
Investigations revealed the breach originated from an India-based employee of TaskUs, a U.S.-based outsourcing company. Former TaskUs employees stated that this individual was caught taking photos of customer data on her work computer with a personal device. Along with an accomplice, the employee allegedly sold Coinbase user information to malicious actors for financial gain. TaskUs confirmed that two employees were terminated due to unauthorized access among a wider investigation involving over 200 personnel. The company described the incident as part of a “broader, coordinated criminal campaign.”
Industry Impact and Response
Following the breach, Coinbase severed ties with the involved staff and tightened security controls. Despite these measures, the timing of the public disclosure—months after initial awareness—has sparked debate over transparency and risk management in the crypto sector.
Security breaches remain a persistent threat to the cryptocurrency industry. In May alone, hacks and exploits reportedly caused losses exceeding $244 million, underscoring the critical need for robust cybersecurity measures.
Disclaimer: This article is for informational purposes only and does not constitute investment advice. Cryptocurrencies and stocks, particularly in micro-cap companies, are subject to significant volatility and risk. Please conduct thorough research before making any investment decisions.
[…] Jaewoo Cho of Hansung University provided a more thorough explanation of the breach the next day. He connected the event to Upbit’s internal signing system’s biased or […]