In what’s turning out to be one of the biggest security failures in crypto history, over 69,000 Coinbase users have had their personal data compromised — not through a high-tech exploit, but through something far more old-fashioned: bribery. And at the center of the breach is a customer support team based in Indore, India.
The breach, which Coinbase publicly disclosed on May 15, could cost the company as much as $400 million. But what’s even more unsettling is how it happened. A group of young hackers — reportedly teenagers fluent in American English — bribed Indian call center workers to gain access to internal systems.
With that data in hand, they impersonated Coinbase employees and tricked users into giving up access to their wallets.
TaskUs and the Indore Connection
The call center in question wasn’t run by Coinbase directly. It was operated by TaskUs, a Texas-based outsourcing company that’s been handling Coinbase’s customer service since 2017.
As per TaskUs’ own filings, the company has been providing overseas support staff to Coinbase for years — a cost-saving arrangement that, it turns out, had serious security gaps.
In January 2025, just weeks after Coinbase discovered the breach, TaskUs laid off 226 employees from its Indore facility. Officially, the layoffs weren’t linked to the hack. Unofficially, the timing tells a different story.
TaskUs later admitted that two employees had illegally accessed client data, and suggested the breach was part of a wider, coordinated campaign that targeted multiple service providers. Coinbase wasn’t the only company affected, but it may have been the hardest hit.
Low Wages, High Risk
Agents at the Indore center were reportedly making between $500 and $700 a month — enough to make bribery tempting. These agents weren’t supposed to have deep access, but the nature of their job, responding to customer inquiries and account issues, gave them just enough access to be dangerous.
Once the hackers had internal records, they didn’t need to hack anything else. They reached out to customers, posed as support staff, and persuaded them to hand over their crypto funds. It was all done through conversation, over the phone, on Telegram, and via email.
These weren’t amateur phishing attempts either. Investigators say the attackers spoke in fluent, accentless English, making it difficult for victims to suspect anything. Some of them even attempted to blackmail Coinbase, demanding money in exchange for keeping the breach quiet.
Fallout Begins
Coinbase responded by offering a $20 million bounty for information that could lead to those behind the attack. Meanwhile, a class-action lawsuit has been filed in New York, accusing TaskUs of negligence in safeguarding user data.
TaskUs says it’s committed to improving security and has dismissed the claims as “without merit.” But in India’s booming BPO industry, the incident is being seen as a cautionary tale.
As global tech companies continue to offshore customer support, questions are growing about how well-protected user data really is, especially when agents are underpaid, undertrained, and easily targeted.
Bigger Than Just Coinbase
This isn’t the first time Indian call centers have been used to target global users, but the scale of this breach — and the fact that it involved a publicly listed company — makes it a turning point. It also signals how vulnerable the backend operations of major tech firms have become.
For now, the identity of the teenage hackers remains unclear, though some evidence points to a loosely organized group known for social engineering scams. What’s certain is this: no amount of encryption or blockchain security can protect a system from people on the inside being bought off.
And in this case, the inside happened to be a support desk in Indore, answering emails for one of the biggest crypto exchanges in the world.
Also Read: Coinbase to Offer 24/7 XRP, Solana Futures to US Institutional Traders
