Coinbase CEO Brian Armstrong confirmed on Friday that an ex-employee of the crypto exchange has been arrested in India, following a significant breach where hackers stole sensitive customer data and demanded a $20 million ransom for its return. The incident, which occurred in May, involved criminals bribing Coinbase support agents to access confidential information, including home addresses, bank details, and user ID photos.
Despite the severity of the breach, Coinbase maintained that no customer funds were taken during the cyberattack. The company opted not to comply with the ransom demand, standing firm in its policy against paying hackers. In a post on X, Armstrong emphasized the company’s commitment to combating misconduct, stating, “We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.” He expressed gratitude to the Hyderabad Police for their role in facilitating the arrest of the former employee and hinted at further actions against others involved.
This hack underscores vulnerabilities even within leading firms in the crypto industry, particularly given Coinbase’s status as the largest cryptocurrency exchange in the United States. The company, which went public in 2021, disclosed in May that addressing the breach could cost up to $400 million, indicating the gravity of the situation and making it one of the most prominent cyber exploits of 2025.
A legal filing revealed that the personal data of nearly 70,000 users had been compromised, with the breach remaining undetected until May 11. Concerns were raised among industry experts regarding Coinbase’s employee vetting procedures following this incident, even though no private keys or actual customer funds were accessed during the breach. Coinbase has insisted that it was never directly hacked, but rather, internal vulnerabilities were exploited.
As investigations continue, the company remains vigilant in its efforts to protect its users and reinforce their security measures in light of this alarming incident.
