Coinbase is now dealing with mounting scrutiny after it allegedly sat on a critical information breach for over 4 months, exposing the non-public data of almost 70,000 customers earlier than taking motion.
The breach, which reportedly started with insiders at an abroad buyer assist heart leaking delicate information, was found in January 2025. Nevertheless, customers and regulators weren’t knowledgeable till Could. The compromised information included partial Social Safety numbers, residence addresses, and account exercise tied to assist tickets.
The seller on the heart of the leak, TaskUs, is claimed to have had workers in India who accepted bribes in alternate for screenshots of Coinbase buyer data. The alternate has since lower ties with the agency and is reportedly implementing stricter oversight of all third-party companions.
Coinbase now estimates the incident might value as much as $400 million in authorized and remediation bills. In the meantime, a class-action lawsuit accuses the corporate of withholding vital data that may have affected its inventory efficiency. A separate case has been filed in opposition to TaskUs for negligence.
By March, the stolen information had surfaced in Telegram teams recognized for crypto fraud, with attackers finally trying to extort $20 million from Coinbase in alternate for deleting the recordsdata. The corporate refused and as an alternative provided the identical quantity as a bounty for leads on the culprits.
Regulatory businesses are actually investigating whether or not Coinbase’s failure to reveal the breach sooner violated SEC guidelines for public corporations.