An investigation into a $400 million (₹3,320 crore) data breach has exposed a deepening scandal involving U.S. crypto giant Coinbase and its Indian outsourcing partner, TaskUs. A covert operation involving bribes, leaked customer data, and a massive security lapse at the outsourcing firm has rocked Coinbase. Sources reveal the cryptocurrency giant may have known months before publicly acknowledging the breach.
A Breach Born in Indore: Photographs, Bribes, and Compromised Accounts
In the heart of India’s tech-enabled outsourcing sector, an employee at a TaskUs office in Indore was spotted doing something that set off alarm bells: taking photos of her work computer with her personal phone. According to five former TaskUs employees, it was this moment in January that would unravel into a sprawling cybersecurity scandal implicating global cryptocurrency giant Coinbase and leading to a data breach now estimated to cost the company up to $400 million, i.e. around ₹3,320 crore.
The woman, along with an alleged accomplice, reportedly leaked sensitive Coinbase customer data in exchange for bribes. The breach—while only publicly disclosed in a May 14 filing to the U.S. Securities and Exchange Commission (SEC)—was first known to Coinbase far earlier, according to six people with direct knowledge of the incident.
An internal probe soon followed. More than 200 TaskUs employees were abruptly laid off in a move that sparked speculation and brief media attention in India but was never officially linked to Coinbase—until now.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Coinbase, Timeline Discrepancies, and a Lawsuit That Pulled Back the Curtain
Despite Coinbase’s claim in its SEC filing that it only became aware of the scale of the breach after receiving an extortion demand on May 11, insiders challenge that narrative. According to three former TaskUs employees and one person familiar with the internal investigation, Coinbase was notified in real-time when the suspicious activity was discovered in January.
This discrepancy is crucial. In a federal lawsuit filed in Manhattan last week, Coinbase attributed the breach to “support agents overseas,” but stopped short of identifying TaskUs. The firm, a major global outsourcing company with thousands of employees servicing clients like Meta and Coinbase, has since admitted that two of its employees were fired early this year for unauthorized data access.
TaskUs said it “immediately reported” the activity to the client and believes the employees were part of a broader criminal network targeting multiple vendors linked to the same client. Sources have confirmed that Coinbase was the client in question.
Security Oversight, Fallout, and a Growing Crisis of Trust
The nature of the data leak- customer information accessible without business need- suggests deeper systemic vulnerabilities. Coinbase said in its filing that contractors accessed internal data “without business need” in “previous months,” but insisted it only recognized the scale of the breach after the extortion demand.
Critics argue that the cryptocurrency exchange should have acted faster and more transparently, especially considering the rise in cyber threats targeting financial firms using overseas vendors. While Coinbase has since “cut ties with the TaskUs personnel involved and other overseas agents,” the names of these other vendors remain undisclosed, as does any potential legal recourse.
Meanwhile, police in Indore have not confirmed any arrests, and Indian authorities have remained tight-lipped. Insiders say the incident is under active investigation, but the lack of cross-border enforcement coordination could stall accountability.
About the author – Prakriti Jha is a student at National Forensic Sciences University, Gandhinagar, currently pursuing B.Sc. LL.B (Hons.) with a keen interest in the intersection of law and data science. She is passionate about exploring how legal frameworks adapt to the evolving challenges of technology and justice.