Coinbase Hack: Indian Call Centre Staff Allegedly Involved in USD 400 Million Breach

Cryptocurrency exchange Coinbase recently disclosed a significant data breach impacting many customers, marking the most serious security incident in the company's history. The breach could cost Coinbase between USD 180 million and USD 400 million. The company disclosed that criminals managed to steal personal information by bribing overseas customer support agents to leak sensitive data.

In response, Coinbase announced a USD 20 million bounty for information leading to the culprits and took steps to tighten security and sever ties with the agents involved. While, the company has shared limited information about who was behind the attack or how the hackers managed to target its support staff.

According to Fortune, the individuals engaged in the incident were based in India and worked at the TaskUs customer support center in Indore. These Indian employees were in charge of managing Coinbase's client queries and were allegedly enticed to provide critical user information.

The report found that a group of young English-speaking hackers were partly responsible for the scam. It also showed that business process outsourcing units (BPOs) were a weak point in the company's security.

The breach was detected months before it became public knowledge. In January this year, TaskUs laid off 226 employees from its Indore center, many believed to be involved in the data leak. Coinbase also severed ties with the implicated staff and increased security measures to prevent further incidents.

TaskUs employees in India earn between $500 and $700 per month, which is approximately Rs 43,000 to Rs 60,000 per month. Despite being decent this pay is still quite low considering the sensitive nature of the data these workers handle. This economic reality may have made some staff members vulnerable to bribery, which the hackers exploited.

The stolen data did not provide hackers direct access to Coinbase's cryptocurrency wallets but it given enough information to impersonate Coinbase personnel and conduct social engineering frauds on consumers. These fake transactions duped some users into giving over their cryptocurrency assets.

Sergio Garcia, founder of Tracelon, a cryptocurrency investigation company, told Fortune that outsourcing customer service could pose a security concern, and economic pressure may lead to low-paid workers bribing which makes them a weak link in the security chain.

It emphasizes the risks that firms may face when outsourcing essential processes, as well as the difficulties that come with preserving sensitive consumer data.