Coinbase co-founder and CEO Brian Armstrong confirmed that a former customer service agent has been arrested in Hyderabad, months after a hacking scheme that involved bribing customer support representatives to access sensitive user data.
‘Zero tolerance for bad behaviour’
Armstrong added that the company follows zero tolerance for bad behaviour, and more arrests are still to come.
“We have zero tolerance for bad behaviour and will continue to work with law enforcement to bring bad actors to justice,” Armstrong said in a post on X (formerly Twitter).
He added, “Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.”
We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.
— Brian Armstrong (@brian_armstrong) December 26, 2025
Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.
The development comes after prosecutors charged a Brooklyn man over an impersonation scheme targeting Coinbase customers, Deccan Chronicle reported.
All about the Coinbase hack
In May this year, Coinbase faced a data breach after overseas contractors and employees siphoned off sensitive customer information in exchange for bribes. The hackers later attempted to extort the company, demanding $20 million in exchange for deleting the stolen data. The incident came to light three days after Coinbase’s inclusion in the S&P 500 Index.
The company learnt about the breach after receiving an email on May 11 from an unidentified threat actor claiming to possess confidential information tied to select customer accounts and internal company records. Coinbase said the compromised data included personal details such as names, addresses and email IDs, but stressed that passwords, login credentials and direct access to customer accounts were not exposed, Bloomberg reported.
In filings reviewed by Reuters, Coinbase estimated the financial impact between $180 million and $400 million. The company noted that the breach affected only a limited portion of its user base and said it had detected suspicious activity linked to the scheme as early as January this year.
According to a report by Reuters, the company began noticing the unusual activity in January of this year. What was their scheme? Well, they bribed customer representatives to steal client data and then demanded a $20 million ransom to delete it.
The stolen data reportedly included dates of birth, addresses, nationalities, government-issued identification numbers, partial banking details, and information on account creation dates and balances. The data could be used to impersonate Coinbase or its customers, potentially opening the door to fraud across other financial platforms, the Bloomberg report mentioned.
“What these attackers were doing was finding Coinbase employees and contractors based in India who were associated with our business process outsourcing or support operations, that kind of thing, and bribing them in order to obtain customer data,” Coinbase Chief Security Officer Philip Martin was quoted by Bloomberg as saying.
Once the misconduct was identified, the company said it isolated the affected agents and terminated their roles. Martin added that while there were multiple bribery attempts over time, the attackers never maintained continuous access to Coinbase systems, Bloomberg further reported.
One aspect of the breach, detailed in a May 14 filing with the US Securities and Exchange Commission (SEC), involved an India-based employee of US outsourcing firm TaskUs. A woman was caught taking photographs of her work computer with her personal phone, according to TaskUs employees who saw her and reported the incident to Coinbase.
