The hackers targeted employees of TaskUs, a US-based company that provides customer service support to major tech firms. TaskUs has a large presence in India, and its agents in Indore handled support for Coinbase since 2017. In January, TaskUs laid off over 200 Indian staff working for Coinbase – just weeks after the data theft was discovered.
TaskUs salaries in India are not high – often between $500 and $700 a month. Due to low salaries, some workers in India were persuaded to hand over confidential customer records in exchange for bribes. Coinbase confirmed it had cut ties with the individuals and other overseas agents involved.
“Obviously that’s the weakest point in the chain, because there is an economic reason for them to accept the bribe,” Sergio Garcia, founder of the crypto investigations company Tracelon, told Fortune.
The stolen information wasn’t enough to access Coinbase’s crypto vaults directly. Instead, criminals used it to impersonate Coinbase staff and trick customers into giving up their crypto assets. These social engineering scams led to real financial losses, though Coinbase hasn’t revealed how many customers lost funds. The company says it is reimbursing affected users.
A class action lawsuit has been filed in New York, accusing TaskUs of negligence. The company insists the claims are baseless and says it’s strengthening its security measures. TaskUs believes two agents were part of a broader scheme involving attacks on multiple service providers linked to Coinbase.
The hackers are believed to be part of a loosely connected group known as “the Comm” or “Community” -- young, English-speaking cybercriminals who coordinate through Telegram and Discord. Unlike traditional hacking groups from Russia or North Korea, the Comm includes thrill-seeking teenagers and young adults who often compete for attention and success online.
According to a hacker who spoke with Fortune under the alias “puffy party,” different members of the group handled different parts of the operation: bribing agents, collecting data, and carrying out scams.
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.