US DoJ Said to Open Probe Into Coinbase Data Breach, Firm Claims Involvement of Indian Employees

Coinbase was recently impacted by a data breach, and the crypto firm is now working with US law enforcement agencies to identify the cybercriminals behind the attack. The exchange has reportedly claimed that its contractors and employees who were bribed to leak userdata to the criminals were from India. The US Department of Justice (DoJ) has now joined the US Securities and Exchange Commission (SEC) in the ongoing investigation. Coinbase has clarified that the exchange itself is not under probe, which is focused on finding the cyber criminals involved in executing the attack.

DoJ’s criminal division officials are probing the breach that affected the crypto firm, Bloomberg reported on Tuesday. Coinbase reportedly stated that employees in India provided the cybercriminals with user data access. International law enforcement agencies have also been roped into the probe.

As per Coinbase, the employees it identified as being involved in the case were fired immediately. The firm has yet to disclose the credentials of these former Coinbase employees.

In March, Coinbase announced its registration with India’s Financial Intelligence Unit (FIU) that legalised its operations in the country. This step had marked Coinbase’s re-entry into India after it halted its services in the market in 2023, after the National Payments Corporation of India (NPCI) blocked Coinbase’s feature to let Indian users purchase crypto assets using UPI services.

At the time, the exchange said it would offer its Base blockchain in India to enable developers to work on Web3 solutions on this low-cost, secure layer-2 platform built on the Ethereum mother chain.

Timeline of Developments So Far

On May 15, Coinbase and its CEO Brian Armstrong informed the exchange’s community about this data breach incident via X. They said that cyber actors had managed to obtain personal details of “less than one percent” of its users by bribing some overseas customer support agents. They added that the cyber actors managed to con some of its users into collecting funds from them using social engineering attacks. The exchange plans to voluntarily reimburse users who were scammed into making financial transactions to the attackers.

In an 8-K filing with the US SEC, the exchange said that these remediation expenses could cost the company between $180 million (roughly Rs. 1,541 crore) and $400 million (roughly Rs. 3,426 crore).

While Coinbase claims that no users’ private keys were compromised, it admitted that data like names, bank account numbers, and government IDs were stolen. The company has not revealed how many users have been impacted by the cyber strike.

Armstrong also said that the attackers had demanded a $20 million (roughly Rs. 171 crore) ransom for the stolen data, which was rejected by the crypto firm. Instead, Armstrong announced a reward fund of $20 million seeking assistance in tracking those responsible.

Between May 15 and May 16, at least six lawsuits were filed against Coinbase in the US. These legal filings accuse the exchange of failing to train its employees adequately, not being prompt and detailed in sharing information related to the attack, and for being improper in dealing with the aftermath. Coinbase has yet to respond to these lawsuits.