Simply put
- Coinbase reportedly became aware of a data breach related to its third-party contractor Taskus back in January.
- Allegations have surfaced that some Taskus employees leaked customer information in exchange for bribes.
- The hackers are demanding $20 million in Bitcoin from Coinbase.
In January, Coinbase identified a breach affecting customer data that involved its outsourcing partner Taskus, several months before disclosing the incident.
According to five former employees of Taskus, the security violation was linked to an agent in India who, for work purposes, filmed computer screens during phone calls.
This individual and a collaborator allegedly sold Coinbase user data to hackers in return for payment.
“We immediately reported this activity to our client,” stated Taskus, mentioning that two employees were let go due to unauthorized access. They view the incident as part of a larger, orchestrated effort targeting Coinbase and other similar service providers.
Coinbase and Taskus were approached for comments regarding this matter.
This breach became public following a SEC filing on May 14 and a blog post on May 15.
The company revealed that hackers accessed customers’ names, addresses, masked bank details, and identity documents through the compromised support staff, although funds and passwords were left untouched. On May 11, Coinbase received a ransom demand of $20 million in Bitcoin.
Furthermore, it’s said that the threat actors gained access by making payments to several contractors or employees who had undue access to Coinbase’s internal data systems, highlighting that “instances where personnel accessed data without business necessity were independently detected by company security the previous month.”
Reports suggest these breaches were, at least in part, connected to Taskus, a U.S.-based outsourcing firm with over 61,000 employees across 12 countries.
“Then they attempted to extort Coinbase for $20 million. We declined,” stated the company, with CEO Brian Armstrong offering a $20 million reward for information that could lead to the attacker’s apprehension. “We are not going to pay your ransom,” he expressed in a video announcement.
The breach impacted less than 1% of Coinbase’s user base. The company later stated it cut ties with Taskus and other international agents implicated in the incident while enhancing its internal controls.
Following the breach, a lawsuit was filed on May 22 in a federal court in Pennsylvania. Investor Brady Nessler accused Coinbase of securities law violations for not disclosing the breach in a timely manner, alleging that the company had hidden past regulatory concerns.
After the disclosure, Coinbase shares dropped by 7% but later regained strength, particularly after being included in the S&P 500.
