In a major win for international cybercrime enforcement, India’s Hyderabad Police has arrested a former Coinbase support agent involved in a major bribery scheme.
This wasn’t a high-tech hack of servers or encryption systems. Instead, hackers reached out to third-party contractors in India and offered them money for access to the exchange’s servers.
That access gave attackers sensitive information from thousands of users, leading to a $20 million ransom attempt. It also left Coinbase with nearly $400 million in recovery costs and customer reimbursements.
Coinbase CEO has his say
Coinbase CEO Brian Armstrong shared news of the arrest online, stating that the company will continue to track down everyone involved.
He said,
He added,
However, not everyone shared the same sentiment as Armstrong, with one user replying,
When did this breach actually start?
The breach began long before Coinbase revealed it in May 2025. Internal security logs revealed that Coinbase’s team noticed strange activity as early as January, months before they understood how deep the problem ran.
In May, the hackers finally made their move.
They demanded a $20 million ransom and threatened to leak customer information on the dark web if Coinbase didn’t pay.
However, CEO Brian Armstrong refused to give in. Instead of sending money to the hackers, Coinbase used the same $20 million to fund a public bounty for anyone who could help identify and catch the criminals.
This bold move turned the ransom demand into a reward for their capture.
The $400 million fallout
Even though Coinbase didn’t pay the ransom, the damage was huge. In fact, blockchain analytics firm Elliptic estimated that the total costs, including for fixing systems and reimbursing customers, was somewhere between $180 million and $400 million.
This makes it one of the ten costliest security incidents in the history of decentralized finance.
How did the market react to the news?
As expected, the market responded quickly to this news. Coinbase’s stock (COIN) fell by 1.18% to $236.90 as soon as the update was released.
While the drop wasn’t massive, it showed that investors are worried about one thing – Human error and insider threats can still precipitate major failures.
Final Thoughts
- Crypto companies must rethink security from the inside out as employees and contractors have emerged as attack vectors.
- Exchanges must reduce the number of people who can access sensitive customer data, following a zero-trust approach.
Source: https://ambcrypto.com/coinbases-armstrong-stresses-zero-tolerance-after-arrest-of-former-agent-in-india/
