The Mole in the Machine: New Arrests in Coinbase’s $400M Insider Data Scandal
Coinbase has reported the first arrests in its investigation into the sale of customer data: police in Hyderabad, India, have detained a former exchange support employee suspected of accepting bribes and handing customer records to criminal groups. Coinbase CEO Brian Armstrong disclosed the arrest on December 26, adding that further detentions are expected to follow.
The case stems from an investigation Coinbase publicly detailed in May. At the time, the company said a group of unscrupulous overseas support staff had allegedly accepted payments from cybercriminals and, in exchange, provided them with data belonging to nearly 70,000 customers. According to Coinbase, the incident occurred in December 2024 and involved personal information including names, addresses, phone numbers and email addresses, images of government-issued identification, account details, masked Social Security numbers, banking information, and a limited set of data related to corporate clients.
The exchange stressed that the attackers did not obtain two-factor authentication codes, private keys, or direct access to crypto wallets. Even so, the stolen information proved sufficient for fraud. Coinbase said the criminals impersonated company employees and persuaded some users to voluntarily transfer cryptocurrency. In addition, the attackers attempted to extort Coinbase itself, demanding $20 million in exchange for halting further pressure.
Coinbase stated that it refused to pay the ransom. Instead, the company announced the creation of a $20 million reward fund for information leading to the arrest and conviction of those behind the attack. It remains unclear whether the recent arrest is connected to payouts under this program; according to journalists, the exchange declined to give a direct answer.
Armstrong’s announcement triggered a wave of criticism on social media. Some users accused Coinbase of increasing risks to customers by outsourcing support outside the United States and placing employees in positions vulnerable to bribery. Longstanding complaints about service quality resurfaced as well. As far back as 2021, CNBC reported widespread account takeovers on the platform and user grievances that obtaining assistance from the company was difficult—particularly when seeking to regain access or recover stolen funds.
Amid the controversy, Coinbase emphasized that it is simultaneously assisting law enforcement in combating social-engineering scams that prey on users. In a post dated December 19, the company said it had worked with the Brooklyn District Attorney’s Office to support an investigation into a New York resident accused of impersonating a Coinbase representative and stealing nearly $16 million from roughly 100 users nationwide.
According to prosecutors, 23-year-old Ronald Spector convinced victims that their accounts were at risk of being hacked, then pressured them to transfer cryptocurrency to a wallet under his control. Coinbase noted that authorities had already recovered more than $600,000 in alleged proceeds by that point.
The company underscored that the Spector case and the bribery scheme involving overseas support staff are unrelated, even though the fraud techniques employed in both incidents bear a striking resemblance.