Indian call centre agents accused of leaking customer data in $400 million Coinbase hack

In May, cryptocurrency giant Coinbase revealed a major data breach that affected more than 69,000 customers – its biggest security failure to date. The breach, which could cost the company up to $400 million, happened after hackers bribed customer service workers in India to leak sensitive data, according to a report in Fortune.

Cryptocurrency giant Coinbase revealed a major data breach(REUTERS)

The role of outsourcing

The hackers targeted employees of TaskUs, a US-based company that provides customer service support to major tech firms. TaskUs has a large presence in India, and its agents have handled support for Coinbase since 2017. In January, TaskUs laid off over 200 Indian staff working for Coinbase – just weeks after the data theft was discovered.

TaskUs salaries in India are not high – often between $500 and $700 a month. Due to low salaries, some workers in India were persuaded to hand over confidential customer records in exchange for bribes. Coinbase confirmed it had cut ties with the individuals and other overseas agents involved.

“Obviously that’s the weakest point in the chain, because there is an economic reason for them to accept the bribe,” Sergio Garcia, founder of the crypto investigations company Tracelon, told Fortune.

Hackers used data for social scams

The stolen information wasn’t enough to access Coinbase’s crypto vaults directly. Instead, criminals used it to impersonate Coinbase staff and trick customers into giving up their crypto assets. These social engineering scams led to real financial losses, though Coinbase hasn’t revealed how many customers lost funds. The company says it is reimbursing affected users.

Legal trouble and TaskUs response

A class action lawsuit has been filed in New York, accusing TaskUs of negligence. The company insists the claims are baseless and says it’s strengthening its security measures. TaskUs believes two agents were part of a broader scheme involving attacks on multiple service providers linked to Coinbase.

Who’s behind it?

The hackers are believed to be part of a loosely connected group known as “the Comm” or “Community” -- young, English-speaking cybercriminals who coordinate through Telegram and Discord. Unlike traditional hacking groups from Russia or North Korea, the Comm includes thrill-seeking teenagers and young adults who often compete for attention and success online.

According to a hacker who spoke with Fortune under the alias “puffy party,” different members of the group handled different parts of the operation: bribing agents, collecting data, and carrying out scams.