On December 27, 2025, a former employee of the leading U.S. cryptocurrency exchange Coinbase Global Inc. was arrested in India on suspicion of accepting hacker bribes and selling sensitive customer information.
Coinbase’s CEO Brian Armstrong announced on Friday, December 26, that a former customer service staff member in India had been apprehended. In the previous months, hackers bribed customer service personnel to obtain customer information.
In May, the company revealed that hackers had bribed contractors or employees outside the U.S. to steal sensitive customer data and demanded a $20 million ransom.
This was one of the most notable security breaches faced by a cryptocurrency trading platform. At the time, Coinbase, headquartered in San Francisco, estimated that the cost of remedying the incident could reach up to $400 million.
A spokesperson for Coinbase confirmed the arrest in India and added that the company had previously collaborated with the Brooklyn District Attorney’s Office to file a lawsuit against a Brooklyn man accused of “impersonating Coinbase customers.”
On Friday, Coinbase’s stock price fell approximately 1.2% to $236.79. The stock has already dropped by about 4.6% this year.
According to previous media reports, Coinbase’s contractor TaskUs experienced a data leak involving improper behavior by internal staff at a support center in India.
Reportedly, a TaskUs employee took photos of customer data and sold it to hackers. The hackers obtained names, addresses, masked bank information, and identification documents, but no financial or password information was leaked. The hackers further used this information to impersonate Coinbase and defraud users of their cryptocurrency assets.
On May 11, Coinbase received a $20 million ransom demand from the hackers.
CEO Armstrong rejected the threat and pledged to compensate affected users while offering a $20 million reward to encourage individuals to provide information leading to the arrest of those involved.
The implicated internal staff members have been dismissed, and Coinbase has reminded users to remain vigilant against potential future scam attacks. The company emphasized that they will never ask for passwords or request users to transfer assets.