Indian police have arrested a former Coinbase customer support employee in connection with a large-scale data theft.
The arrest followed a months-long investigation into a breach that exposed sensitive user information.
Authorities said the suspect operated as part of a wider criminal network targeting Coinbase systems.
Investigators believe the infiltration began in December 2024 through compromised offshore support operations.
The former employee allegedly accessed and transferred customer data to external cybercriminals.
Exposed information included customer names, addresses and identity verification documents.
Coinbase confirmed that 69,461 user accounts were affected by the breach.
The company said no cryptocurrency funds were stolen directly from customer wallets.
Cybercriminals demanded a $20 million ransom to prevent public disclosure of the data.
Coinbase refused to pay the ransom and instead escalated the matter to law enforcement.
The exchange announced a $20 million bounty to help identify all individuals involved.
Coinbase chief executive Brian Armstrong issued a firm public response following the arrest.
We have zero tolerance for malicious behaviour and will continue to cooperate with law enforcement.
Brian Armstrong said.
Coinbase said the breach resulted from human misconduct rather than a technical vulnerability.
Investigators linked the operation to customer support contractors operating in India.
TaskUs, a US-based outsourcing firm, was identified as the employer of the compromised agents.
Police said at least two support workers were recruited by the criminal group.
The case has raised concerns across the crypto sector about insider threats.
Coinbase estimated remediation and security upgrades could cost between $307 million and $400 million.
The company described the spending as one of the largest post-breach responses in 2025.
Coinbase also faces shareholder litigation over the timing of its public disclosure.
Plaintiffs allege delays in notifying investors about the scale of the breach.
Coinbase said it remains committed to transparency and regulatory cooperation.
The incident has renewed calls for stricter oversight of outsourced support services.
Industry analysts say the case highlights persistent human risk in digital finance.
Coinbase stressed it would prioritise long-term trust over short-term reputational concerns.
Executives said the exchange would continue investing in advanced security measures.