Coinbase Targets Rogue Insiders in Bribery Scandal and Data Breach
January 6, 2026
Rogue insiders suspected of accepting bribes to leak customer data are beginning to face justice, according to Coinbase CEO Brian Armstrong.
In a post on X (formerly Twitter) the day after Christmas, Armstrong announced that Hyderabad police had arrested a former Coinbase customer service agent involved in this scandal. He emphasized that more arrests are expected, saying, "Another one down and more still to come."
The crackdown follows a May disclosure by Coinbase revealing that a group of rogue overseas support agents had allegedly accepted bribes from cybercriminals in exchange for nearly 70,000 customer records. These records included names, addresses, phone numbers, email addresses, images of government IDs, account details, masked Social Security Numbers, bank information, and limited corporate data. Importantly, no 2FA codes, private keys, or wallet access details were compromised during the breach.
Despite the absence of wallet access data, criminals exploited the stolen personal information to deceive some Coinbase users into transferring cryptocurrency, by impersonating Coinbase employees. They also attempted to extort the company for $20 million.
In response, Coinbase announced in May that instead of paying the ransom, it was establishing a $20 million reward fund to incentivize tips leading to the arrest and conviction of those responsible. Details regarding whether the recent arrest coincides with any bounty payout have not been disclosed.
Criticism from Coinbase users and the public
Armstrong's announcement was met with significant backlash on X, with critics accusing Coinbase of outsourcing customer support to India, thereby increasing the risk of insider data exfiltration and bribery. Past reports have criticized Coinbase for poor customer service, with CNBC citing rampant account takeover attacks in 2021 and criticizing the platform’s inadequate support for affected customers.
James Wilson, a security researcher, dismissed Coinbase’s breach timeline claims as unconvincing, further fueling skepticism about the company’s handling of security incidents.
Additional criminal activity linked to Coinbase
Coinbase has also been involved in cracking down on other scams. On December 19, the company announced collaborative efforts with the Brooklyn District Attorney’s Office to investigate Ronald Spektor, a 23-year-old accused of impersonating Coinbase staff and stealing nearly $16 million from around 100 users nationwide through social engineering.
Law enforcement has recovered over $600,000 of Spektor’s alleged stolen proceeds. Coinbase clarified that Spektor’s case is separate from the overseas support agent bribery incident, with no direct connection between the two cases.
While Coinbase did not elaborate on the specifics of its customer service improvements or the bounty fund, a spokesperson affirmed active efforts to pursue fraudsters and protect its users.
For continuous updates on Coinbase security efforts and related cryptocurrency news, stay tuned.