Ex-Coinbase Employee Arrested in India for 2025 Data Breach

Indian police arrest ex-support agent tied to Coinbase’s 2025 breach, exposing insider access risks, social engineering scams, and a $400M fallout.

Areeba Rashid
December 28, 2025
6:55 pm

Areeba Rashid

Areeba Rashid is a dedicated crypto news writer with a passion for making complex topics accessible to everyone. She covers the latest developments in the crypto world, including in-depth price analysis, helping readers stay informed and make sense of market trends.

Indian police arrest a former support agent in the Coinbase data breach investigation.
Bribed staff enabled social engineering attacks without breaching Coinbase systems.
Coinbase faces up to $400 million in costs as human risk reshapes crypto security.

Indian police have arrested a former customer service agent connected to a major data breach involving Coinbase. The arrest marks the first public breakthrough in a case that has drawn global attention. Coinbase confirmed the development and described it as an early step in a wider investigation into how insider access was abused to harm users.

Coinbase chief executive Brian Armstrong revealed the arrest in a public post. He thanked the Hyderabad Police for their cooperation. Armstrong said investigators are still pursuing others involved in the scheme. He made clear that the inquiry remains active and ongoing.

We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.

Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.
— Brian Armstrong (@brian_armstrong) December 26, 2025

Coinbase Breach Fueled by Insider Access

The arrest links back to a breach Coinbase disclosed in mid-2025. At the time, the company said attackers bribed outsourced support staff to obtain customer information. The breach did not involve hacking Coinbase’s core systems. Instead, it relied on human access and weak controls around support operations.

Coinbase stressed that private keys and account passwords stayed secure. Still, the stolen personal data proved dangerous. Criminals used it to run targeted social engineering attacks. People posing as Coinbase support contacted victims and warned them that their funds were at risk.

Also Read: Coinbase Pushes Back on Three States Over Prediction Market Oversight

Most users were forced to give out account access. The fraudsters sounded convincing and provided actual customer information. By doing this, attackers managed to steal money without having to hack into the infrastructure of Coinbase. This demonstrated the ease with which trust can serve as a weapon, in contrast to code.

Financial and Legal Impact Deepens for Coinbase

Coinbase has experienced the consequences. The firm estimated that response operations, claims and reimbursements, and enhanced security might cost up to $400 million. This was followed by legal pressure with at least one class-action lawsuit in the United States. Investigators also traced part of the breach to agents of TaskUs, a U.S.-based outsourcing company operating in India.

Reports also indicated that the attackers attempted to extort Coinbase a sum of $20 million. They would also supposedly threaten to misuse the stolen data further. The police in a different case in the United States were able to detain a suspect named Ronald Spektor, a 23-year-old Brooklyn resident who had stolen close to $16 million while posing as Coinbase customer support personnel.

Combined, the cases indicate a shift in crypto crime. Social manipulation has emerged as a new threat, surpassing traditional technical exploits. For Coinbase and the wider crypto sector, social engineering has become the dominant security threat.

Also Read: UK Launches Investigation into $28M Crypto Scam, Two Arrested