Coinbase said a former customer support agent was arrested in India amid an investigation into insider bribery and customer data theft.
Chief Executive Officer Brian Armstrong said on Dec. 27 the arrest involved an ex-support agent and thanked Hyderabad Police for assistance.
What Coinbase told regulators
Coinbase described the incident as an extortion attempt built on insider access.
In a May 14 filing, the company said it received an email demanding payment and claiming the sender had obtained customer information and internal documents.
Coinbase said the information was taken from systems used for customer support and account management and later used for social engineering attempts against customers.
Armstrong wrote:
We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.
Timeline and customer impact
A state notification filed in Maine listed the breach date as Dec. 26, 2024.
The filing said insider wrongdoing was discovered May 11, 2025.
It reported 69,461 affected people.
Reuters previously reported that the U.S. Department of Justice opened an investigation into the incident earlier in 2025.
Costs and broader security focus
Coinbase estimated remediation and voluntary reimbursements could cost $180 million to $400 million.
In its Q3 2025 shareholder letter, Coinbase recorded $48 million in “data theft incident” costs in Q3 after $307 million in Q2, totaling $355 million.
The episode has refocused attention on identity and access controls in support workflows rather than on custody technology.
The case also comes amid ongoing concerns about exchange security and user verification, as highlighted by Bitcoin’s long-running emphasis on self-custody and network reliability.
