Coinbase, the largest crypto exchange in the U.S., is under fire after Reuters reported the company knew about a massive customer data leak as early as January 2025 but only disclosed it in May. The breach, potentially costing the exchange up to $400 million, exposed sensitive information of over 69,000 users, raising serious questions about trust and transparency in the crypto world.
Coinbase Allegedly Knew of the Breach
The leak was uncovered when Coinbase discovered a data leak involving an India-based employee at TaskUs, an outsourcing firm managing the company’s customer support since 2017. The employee was caught photographing sensitive customer data and allegedly selling it to hackers.
In January, after the incident, Coinbase fired over 200 TaskUs staff but did not grasp the breach’s extent until May 11, when hackers demanded a $20 million Bitcoin ransom. The exchange refused to pay and instead offered a reward for information on the attackers.
According to statements from three former employees and an individual with knowledge of the situation, Coinbase was promptly alerted to the incident. The ex-employees indicated that they received briefings from company investigators or colleagues who witnessed the incident in Indore, India. It was reported that a female employee, along with a suspected accomplice, was allegedly disseminating the exchange’s customer information to hackers in exchange for monetary compensation.
The company disclosed the breach in a May filing, admitting it had known about the unauthorized access for months.
Coinbase Users Frown at Delayed Information
Coinbase’s delay in disclosing the breach has sparked outrage, as it left users vulnerable for months. The exposed data, including home addresses, has raised fears of real-world crimes like robberies or kidnappings, especially after recent crypto-related violent incidents, such as the January abduction of Ledger’s co-founder.
Investors and users felt betrayed, as the delay eroded trust in Coinbase, a publicly traded company handling billions in daily volume.
The firm’s delay in revealing a $400 million data leak has drawn legal scrutiny. The company assures it is cooperating with law enforcement, offering free identity protection to affected users, and has cut ties with TaskUs. Coinbase is also tightening security protocols and urging users to enable two-factor authentication.
