Politics
NEW: Coinbase Employee Arrested In Connection With $400 Million Cryptocurrency Heist
Coinbase CEO Brian Armstrong on Friday announced the arrest of a former customer service agent in India in connection with a major data breach that occurred earlier in the year.
The incident, which Coinbase estimated could cost up to $400 million to remedy, involved the theft of sensitive customer information through insider bribery. The arrest was carried out by the Hyderabad Police, marking a significant development in the ongoing investigation into one of 2025’s largest cryptocurrency-related security incidents.
The alleged fraud centered on a scheme where cybercriminals bribed Coinbase’s overseas support agents and contractors to access and leak customer data. This data included home addresses, bank details, user identification photos, and other personal information from thousands of accounts.
According to estimates, the breach affected over 69,000 customer accounts, though no direct theft of cryptocurrency funds from Coinbase’s platform occurred. Instead, the stolen data was used to facilitate social engineering attacks, where scammers impersonated legitimate entities to trick victims into transferring funds.
These attacks targeted high-net-worth individuals, including those with seven- or eight-figure balances on the platform, leading to substantial losses estimated between $200 million and $400 million in stolen assets from users.
Suspicious activity was first detected by Coinbase in January 2025, months before the hackers formally contacted the company in May 2025. The attackers had been targeting support staff in outsourcing operations, particularly in India, as early as December 2024.
Reuters had previously reported that an employee of Coinbase’s contractor, TaskUs, in India was involved, with one female employee allegedly filming client information and selling it to hackers. This led to the firing of over 200 staff members.
In May, the perpetrators demanded a $20 million ransom to withhold the data from public release or further exploitation. Coinbase refused to pay, opting instead to offer a $20 million reward for information leading to the arrests and convictions of those responsible
“What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data,” said Coinbase Chief Security Officer Philip Martin.
Armstrong confirmed the arrest in a social media post and stated that more arrests will be coming in the near future. “We have zero tolerance for bad behaviour and will continue to work with law enforcement to bring bad actors to justice,” Armstrong said.
We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.
Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.
— Brian Armstrong (@brian_armstrong) December 26, 2025
Exact details on the suspect or specific charges have not been released as of this report. The arrest follows earlier U.S. legal actions, including charges filed by the Brooklyn District Attorney against an individual in New York for running “a long-running impersonation scheme targeting Coinbase customers.”
