A former customer service agent linked to Coinbase has been arrested in India in connection with a large-scale customer data breach, marking a significant breakthrough in an investigation that has spanned multiple jurisdictions.
The arrest was confirmed by Brian Armstrong, who stated that additional arrests are expected as authorities continue to pursue those involved.
How the Breach Was Carried Out
According to details shared by Coinbase, the attackers did not exploit a technical vulnerability. Instead, they bribed offshore customer support staff in India, gaining unauthorized access to internal systems that contained sensitive user information.
We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.
Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.
— Brian Armstrong (@brian_armstrong) December 26, 2025
This social-engineering approach allowed the hackers to bypass existing safeguards without directly compromising Coinbase’s core infrastructure.
Scope of the Compromised Data
The breach exposed personal information belonging to approximately 69,461 customers. The compromised data included names, email addresses, phone numbers, and physical mailing addresses. Coinbase emphasized that no account passwords, private keys, or cryptocurrency funds were accessed through this method.
The incident was first disclosed publicly in May 2025, after Coinbase identified the internal access abuse and began notifying affected users.
Ransom Demand and Financial Impact
Following the breach, the attackers attempted to extort Coinbase, demanding a $20 million ransom in exchange for not releasing or misusing the stolen data. Coinbase refused to pay. Instead, the company announced a matching bounty offerfor information that could lead to arrests and convictions of those responsible.
Coinbase has warned that the total cost of remediation, including customer notifications, security upgrades, legal expenses, and potential liabilities, could reach as high as $400 million.
International Law Enforcement Cooperation
The arrest was made possible through coordinated efforts between Coinbase, U.S. authorities, and Indian law enforcement, including the Hyderabad Police and the Brooklyn District Attorney’s Office.
Armstrong publicly thanked Indian authorities for their cooperation, reiterating Coinbase’s stance of “zero tolerance for bad behavior” and its willingness to work closely with law enforcement across borders.
Related Charges and Ongoing Investigation
This development follows recent charges filed against a Brooklyn-based individual involved in a separate but related phishing operation that leveraged the stolen customer data. Investigators believe multiple actors were involved across different regions, and the case remains active.
Coinbase has indicated that further arrests are likely as investigators continue tracing financial flows and identifying additional participants connected to the breach.
