In a controversial revelation for Coinbase customers, Reuters reported that the US’s largest cryptocurrency exchange was aware of a major data breach involving a third-party contractor four months before publicly disclosing the incident in May.
Coinbase Learned of Client Data Breach Four Months Before Disclosure: Reuters
6 June 2025 - 23:41 CEST
The breach was traced to an employee of TaskUs, a support contractor based in India, who in January of this year allegedly sent photos of sensitive customer data to hackers in exchange for payment.
Data for hire
The stolen information affected approximately 1% of Coinbase’s user base and included names, dates of birth, addresses, and bank account details. After the breach, Coinbase said it received a $20 million ransom demand in exchange for deleting the compromised data.
In response, the company severed ties with TaskUs and declined to pay the ransom, instead offering a $20 million bounty for information leading to the hackers' capture by the authorities.
Coinbase “cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls,” the company told Reuters, without clarifying who the other overseas agents were.
Dwindling public trust in traditional financial systems and institutions was a key reason behind’s crypto’s emergence into society about 15 years ago. Hacking incidents therefore undermine the case to further develop digital assets and bring crypto into a more mainstream place in the global economy. A data loss from Coinbase, the world’s largest Bitcoin custodian, is a damaging episode for the industry as a whole, not just for one company.
In its mid-May advisory to customers, Coinbase recalled the incident, but made no mention of the length of time it had known about the attack:
“Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up. We said no.”
Reputational risks
The company now faces a class-action lawsuit from a shareholder who claims to have suffered financial losses due to what he calls the company’s “misleading” disclosures. Prominent traders have also voiced frustration, accusing Coinbase of poor transparency and inadequate data security practices.
Coinbase may have resolved the immediate issue for now. However, the fallout continues as shareholders and customers demand answers about how the hack occurred and why the company chose to remain silent until real-world user data was weaponized against the firm.
