Rogue insiders suspected of taking bribes to hand over Coinbase customer records to criminals are beginning to face justice, according to CEO Brian Armstrong.

The Coinbase chief said on X the day after Christmas that Hyderabad police had arrested an ex-Coinbase customer service agent, and that the apprehensions weren't going to stop there. 

"Another one down and more still to come," Armstrong said. 

The arrest follows a May disclosure by Coinbase that "a group of rogue overseas support agents" working for the US-based cryptocurrency exchange had allegedly taken bribes from cybercriminals in exchange for nearly 70,000 customer records. 

According to Coinbase, the December 2024 incident involved the theft of names, addresses, phone numbers, email addresses, images of government IDs, account data, masked SSNs and bank account information, and "limited corporate data." Despite the extensive theft of personally identifying information, no 2FA codes, private keys, or access to wallets were obtained as part of the breach.

Nonetheless, the criminals behind the theft reportedly used the stolen information to trick some Coinbase users into handing over cryptocurrency while posing as Coinbase employees, as well as trying to use the incident to extort the company for $20 million. 

"Instead of paying the $20 million ransom, we're establishing a $20 million reward fund for information leading to the arrest and conviction of the attackers," Coinbase said in May. It's not clear if the arrest has coincided with any bounty payout; we reached out to Coinbase with questions for this story but didn't get a direct response to any of our questions. 

A history of complaints

X users met Armstrong's post about the arrest in India with considerable criticism, accusing the company of opening its customers up to the bribery of customer service representatives and exfiltration of its data by outsourcing its customer service to India instead of relying on US-based agents to support its users. 

Coinbase has been accused of having poor customer service in the past, with CNBC reporting in 2021 that account takeover attacks on the platform were rampant, and that the company allegedly left customers hanging when they asked for the outfit to help restore access to their accounts or claw back their stolen digital cash. 

• Security researcher calls BS on Coinbase breach disclosure timeline
• Crypto crooks co-opt stolen AWS creds to mine coins
• FBI dismantles alleged $70M crypto laundering operation
• Crypto-crasher Do Kwon jailed for 15 years over $40bn UST bust

While Coinbase didn't touch on our questions about the state of its customer service or the bounty fund, a spokesperson did tell us that it was busily chasing down fraudsters bilking its customers out of cash. 

According to a December 19 blog post, Coinbase said it worked with the Brooklyn District Attorney's Office to support the investigation and charging of a Brooklyn man accused of impersonating a Coinbase representative and stealing nearly $16 million from about 100 users nationwide.

The Brooklyn DA alleges that 23-year-old Ronald Spektor had engaged in a long-running social engineering scam tricking Coinbase users into believing their accounts were at risk from being compromised, posing as a Coinbase customer service rep, and convincing them to hand over their crypto coins, which were transferred to a wallet under Spektor's control. 

More than $600,000 of the suspect's alleged proceeds have been recovered by law enforcement so far, Coinbase said earlier this month.

Coinbase told The Register during a phone conversation on Monday that, despite the seeming similarity between Spektor's charges and the overseas customer service bribery theft, the two aren't related. ®