In what is now being described as the most significant security incident in its history, U.S.-based crypto exchange Coinbase disclosed in May that over 69,000 users had their personal data compromised. The attackers didn’t storm firewalls or exploit zero-day vulnerabilities instead, they went straight to the weakest link: offshore customer service workers.
According to Coinbase’s own filings, the breach stemmed from a sophisticated social engineering campaign that involved bribing BPO agents overseas, particularly those employed by a U.S.-based contractor, TaskUs, in Indore, India. The hackers reportedly paid these low-wage employees to share customer account information—setting off a chain of scams that would ripple across the crypto space.
Bribed for Access: The BPO Loophole in Tech Security
Since 2017, TaskUs has been providing customer support staff to Coinbase, a cost-saving measure that, in hindsight, proved devastating. In January 2025, TaskUs quietly laid off 226 employees assigned to Coinbase, just weeks before the data breach was formally detected.
A spokesperson for TaskUs confirmed that two individuals had been identified as complicit in a broader, well-coordinated criminal operation. These employees, allegedly bribed by hackers, provided unauthorized access to sensitive customer data, which was later used to impersonate Coinbase support and siphon crypto funds from unsuspecting users.
The company is now facing a federal class action lawsuit in New York for negligence, and pressure is mounting on tech firms globally to rethink their reliance on offshore BPOs for handling sensitive data.
ALSO READ: FCRF Launches Campus Ambassador Program to Empower India’s Next-Gen Cyber Defenders
Inside ‘The Comm’: Hackers Who Grew Up on Video Games
The breach wasn’t orchestrated by a foreign state actor or an underground mafia it was carried out by a loosely affiliated network of young, English-speaking hackers known as “The Comm.” These digital operatives, some as young as teenagers, are not only skilled but often driven by bravado and mischief.
Telegram messages reviewed reveal one such hacker, using the pseudonym “puffy party,” claimed responsibility and even mocked Coinbase’s CEO. The hacker’s group bribed TaskUs agents and handed off the stolen data to others who specialize in social engineering scams. Using Telegram and Discord, they coordinated efforts, shared playbooks, and split the profits.
Experts say “The Comm” functions like a decentralized startup complete with recruitment pipelines, role specialization, and profit-sharing models. Their attack on Coinbase mirrors their previous exploits, including the 2023 cyberattack on MGM Resorts, which sought $30 million in ransom.
The Fallout: Legal Battles, Blackmail Threats, and Global Repercussions
The hackers didn’t stop at theft they also tried to blackmail Coinbase for $20 million in Bitcoin, threatening to leak the breach if the demand wasn’t met. The company refused to pay and instead notified regulators and affected users.
Coinbase has since fired all implicated BPO agents, severed ties with TaskUs personnel involved, and promised to reimburse users who lost funds through scams. It pegs the financial damage between $180 million and $400 million, depending on regulatory fines, class-action outcomes, and reimbursement totals.
While the breach did not compromise Coinbase’s crypto vaults, it exposed a different kind of vulnerability human error amplified by economic disparity. With Indian BPO workers earning between $500 and $700 per month, susceptibility to bribes is a structural flaw.
“Obviously that’s the weakest point in the chain,” said crypto security expert. “Because there is an economic reason for them to accept the bribe.”