Indian police arrest ex-Coinbase rep accused of selling customer data

TL;DR

Hyderabad police have taken into custody a former Coinbase customer service agent in connection with a scheme where overseas support staff allegedly took bribes to hand over user records. Coinbase previously disclosed that nearly 70,000 customer records were stolen in a December 2024 incident; the company set up a $20 million reward fund rather than pay an extortion demand.

What happened

Coinbase CEO Brian Armstrong said on X that Hyderabad police arrested an ex-Coinbase customer support agent in the wake of an investigation into rogue insiders. The move follows a May disclosure from Coinbase that a group of overseas support staff had allegedly accepted bribes from criminals in exchange for close to 70,000 customer records. According to the company, the compromised information included names, contact details, images of government IDs, account data, masked Social Security numbers, bank account information and some corporate data. Coinbase said the incident did not expose two-factor authentication codes, private keys or direct wallet access, but attackers still used the stolen personal information to impersonate employees and trick victims into transferring cryptocurrency. The company also reported that the criminals attempted to extort it for $20 million, prompting Coinbase to create a $20 million reward fund for information leading to arrests and convictions.

Why it matters

• Insider access can expose large volumes of personally identifiable information even without direct access to funds or private keys.
• Stolen customer records can enable social-engineering scams that result in real financial losses for users.
• Arrests signal law enforcement engagement in cross-border investigations of cyber-enabled insider theft.
• Public revelations of such breaches can affect customer trust in cryptocurrency platforms and their support practices.

Key facts

• Hyderabad police arrested a former Coinbase customer service agent, according to CEO Brian Armstrong.
• Coinbase disclosed in May that 'rogue overseas support agents' allegedly took bribes to obtain nearly 70,000 customer records.
• Compromised data included names, addresses, phone numbers, email addresses, government ID images, account data, masked SSNs, bank account information and limited corporate data.
• Coinbase said no two-factor authentication codes, private keys, or wallet access were obtained in the breach.
• Attackers used the stolen information to impersonate Coinbase employees and trick some users into surrendering cryptocurrency.
• The criminals reportedly tried to extort Coinbase for $20 million; the company announced a $20 million reward fund instead of paying a ransom.
• It is not clear from the source whether any bounty or reward payments have been made related to the arrest.
• Some X users criticized Coinbase for outsourcing support overseas, blaming that model for enabling insider bribery and data exfiltration.
• Coinbase said a separate Brooklyn prosecution accuses a man of impersonating support staff to steal nearly $16 million from about 100 users; the company says that case is not linked to the overseas insider incident.

What to watch next

• Whether additional arrests or charges are announced in the overseas insider investigation (Armstrong said 'more still to come').
• Updates on whether the $20 million reward fund results in bounty payments or prosecutions — not confirmed in the source.
• Any official changes Coinbase makes to its customer support operations or outsourcing practices in response to the incident — not confirmed in the source.

Quick glossary

• Insider threat: When an employee, contractor or other trusted individual misuses access to systems or data for malicious purposes or personal gain.
• Two-factor authentication (2FA): A security method that requires users to provide two different types of identification before gaining access to an account.
• Social engineering: Tactics that manipulate people into divulging confidential information or performing actions that compromise security.
• Extortion: The crime of obtaining money, property or services from a person or institution through coercion, threats or blackmail.

Reader FAQ

Was anyone arrested in connection with the Coinbase data theft?
Yes. Hyderabad police arrested a former Coinbase customer service agent, according to CEO Brian Armstrong.

What data was taken in the breach?
Coinbase said nearly 70,000 customer records were taken, including names, contact details, government ID images, masked SSNs, bank account information and limited corporate data.

Were customers' wallets or private keys compromised?
Coinbase stated that no two-factor authentication codes, private keys, or access to wallets were obtained in the incident.

Has Coinbase paid any reward or ransom related to the incident?
Not confirmed in the source.

Is the Brooklyn case against Ronald Spektor connected to the overseas insider theft?
Coinbase said the two matters are not related.

CYBER-CRIME Indian cops cuff ex-Coinbase rep over selling customer info to crims There's more where that came from, CEO says Brandon Vigliarolo Mon 29 Dec 2025 // 21:16 UTC Rogue insiders suspected of taking…

Sources

• Indian cops cuff ex-Coinbase rep over selling customer info to crims
• Coinbase Says Former Agent Arrested In India Over …
• Ex-Coinbase employee arrested in India over $400m heist
• India Arrests Former Coinbase Support Agent Over Data …

Related posts

• Apple appeals £1.5bn UK ruling that found App Store fees excessive
• KrebsOnSecurity.com Marks 16 Years of Investigative Cybercrime Reporting
• Extortion group Lovely leaks Wired subscriber data, claims 40M records