Coinbase CEO Announces First Arrest in India Over Insider Data Breach

CEO Brian Armstrong announced the development on December 26, 2024, signaling that more arrests are expected.

“We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice,” Armstrong wrote on X. “Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.”

The arrest represents a major step in resolving one of 2025’s most significant cryptocurrency security incidents, which has cost Coinbase an estimated $180 million to $400 million in damages and affected nearly 70,000 users.

The Bribery Scheme That Exposed Customer Data

The security breach officially occurred on December 26, 2024, when cybercriminals successfully obtained user data through bribed offshore customer service representatives. However, insider theft activity began months earlier, with the scheme involving employees at TaskUs, a Texas-based business process outsourcing firm that handled customer support for Coinbase from its operations in India.

According to court documents, the criminals targeted TaskUs agents in Indore, offering bribes up to $2,500 per person to access Coinbase’s internal systems. The stolen information included names, addresses, phone numbers, government-issued IDs, partial Social Security numbers, and masked bank account numbers.

Coinbase began noticing suspicious activity as early as January 2025 but the full extent of the breach wasn’t discovered until May 11, 2025, when hackers contacted the company demanding a $20 million ransom. The exchange refused to pay the ransom and instead launched a matching $20 million bounty program for information leading to arrests and convictions.

Source: @brian_armstrong

A filing with the Maine Attorney General’s Office revealed that 69,461 users were affected, representing less than 1% of Coinbase’s monthly active users.

The TaskUs Employee at the Center

Court filings identified Ashita Mishra, an employee at TaskUs’s Indore office, as a key figure in the scheme. Beginning in September 2024, Mishra allegedly used her phone to photograph sensitive customer data directly from her work computer, taking up to 200 photos per day.

The stolen information was sold to hackers for $200 per image. By the time authorities arrested Mishra in January 2025, her personal device reportedly contained data on more than 10,000 Coinbase customers.

Investigators also claim Mishra recruited other TaskUs employees, including supervisors and team leaders, transforming what started as individual theft into a coordinated conspiracy. TaskUs laid off 226 Coinbase-related staff from its Indore facility in January 2025 following the discovery of the breach.

Financial Impact and Security Response

Coinbase reported $307 million in breach-related costs during its second-quarter earnings, covering remediation efforts and reimbursements to affected customers. The company faces multiple shareholder class action lawsuits alleging delayed disclosure of the breach.

In response to the incident, Coinbase has implemented stricter security measures. The exchange terminated its relationship with TaskUs and tightened vendor controls. The company also opened a new customer service facility in Charlotte, North Carolina, to reduce reliance on overseas staff.

All new employees now must complete training in person in the United States. Workers handling sensitive systems must be U.S. citizens and provide fingerprints as part of enhanced security protocols designed to prevent similar insider threats.

Separate Phishing Case in Brooklyn

The India arrest comes just one week after Brooklyn prosecutors charged Ronald Spektor, 23, with stealing $16 million from approximately 100 Coinbase users through a separate phishing scheme. Spektor allegedly posed as a Coinbase representative between April 2023 and December 2024, convincing victims their accounts were at risk and persuading them to transfer cryptocurrency to wallets he controlled.

The Brooklyn case resulted in 31 criminal charges, including first-degree grand larceny and money laundering. Authorities have recovered approximately $105,000 in cash and $400,000 in cryptocurrency connected to that scheme.

What Data Was Actually Compromised

While the breach exposed significant personal information, Coinbase has emphasized that certain critical security elements remained protected. The attackers did not obtain passwords, private keys, seed phrases, or direct access to customer cryptocurrency holdings.

However, the stolen data still poses risks for affected users. Criminals can use the information for targeted phishing attacks and social engineering schemes. Coinbase has offered affected customers one year of complimentary identity-theft protection and credit monitoring services.

The company has reimbursed customers who lost funds to scams using the stolen information and continues working with international law enforcement to trace stolen assets and pursue additional suspects.

The Path Forward

The arrest in Hyderabad demonstrates the growing cooperation between cryptocurrency companies and international law enforcement agencies in combating cyber crime. Coinbase has worked closely with authorities in both India and the United States, including the Brooklyn District Attorney’s Office, to identify individuals involved in various schemes targeting the exchange.

The timing of the arrest is notable as it follows Coinbase’s recent return to the Indian market after nearly two years of regulatory challenges. The exchange has been expanding its global operations while simultaneously strengthening security measures to prevent future breaches.

As Armstrong’s announcement suggests with the phrase “more still to come,” the investigation remains active with additional suspects being pursued. The case highlights the ongoing challenge that cryptocurrency exchanges face in securing outsourced operations and protecting customer data from insider threats.

Closing the Security Gap

The Coinbase breach serves as a stark reminder that even major cryptocurrency platforms remain vulnerable to low-tech attacks that exploit human weaknesses rather than technical flaws. The criminals didn’t hack through firewalls or exploit software vulnerabilities—they simply found employees willing to accept bribes for access to sensitive data. As the industry continues to grow and attract institutional investors, addressing insider threats through better vetting, monitoring, and international law enforcement cooperation has become as critical as securing blockchain technology itself.