Coinbase data leak: Exchange knew about recently revealed breach since January—Report

Fresh details from the Coinbase data leak have stunned the crypto market, with Reuters reporting that the exchange knew about the breach as early as January, months before notifying customers. The incident, involving an outsourcing firm employee in India, exposed sensitive data of nearly 70,000 users, raising questions about accountability and response times in the crypto industry.

Coinbase data leak traced to rogue TaskUs employees

The Coinbase data leak originated when an employee of TaskUs, a U.S.-based outsourcing partner, allegedly photographed customer data from her work computer using a personal phone. According to five former TaskUs staff, the employee and an accomplice sold the information to hackers for financial gain. Coinbase was reportedly notified immediately, yet public disclosure came only in May.

TaskUs, which handled Coinbase’s customer support, faced mass layoffs in January, with over 200 employees terminated. However, only two individuals were directly linked to the Coinbase data leak, which compromised names, emails, and transaction histories.

$20M ransom demand forced Coinbase to go public

After hackers leaked a portion of the stolen data in mid-May, they demanded $20 million from Coinbase to suppress further exposure. The exchange refused, opting instead to tighten security controls and sever ties with TaskUs personnel involved.

“We cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls,” Coinbase told Reuters. Critics argue that the delayed transparency left users vulnerable to phishing scams and identity theft.

TaskUs’ history of crypto-related breaches under scrutiny

The Coinbase data leak isn’t TaskUs’ first security controversy. In 2022, the firm and Shopify were sued over a separate breach involving Ledger, a hardware wallet provider. That incident exposed 270,000 Ledger customers’ data, which fueled years of ongoing scams.

Legal filings suggest TaskUs and Shopify knew about the Ledger breach for over a week before alerting users—a pattern echoing concerns about the Coinbase data leak response.

Regulatory fallout and user backlash loom

With lawsuits already filed in Manhattan, Coinbase faces mounting pressure over its handling of the Coinbase data leak. The breach highlights risks in outsourcing customer support, particularly in jurisdictions with weaker data protection.

Coinbase has yet to comment on Reuters’ January timeline revelation. Meanwhile, affected users demand clearer communication and compensation. As regulators scrutinize the exchange’s compliance, the Coinbase data leak could set precedents for crypto industry accountability.