Coinbase is facing backlash after a recent report claimed that the crypto exchange had learned about the recently disclosed data breach months before addressing it to the public, sparking a debate about transparency.
Six people familiar with the matter told Reuters that an India-based employee of the US outsourcing firm TaskUs was caught taking pictures of her work computer with her phone to sell it to hackers at the start of the year.
According to the report, multiple ex-employees allege that the suspected woman and an accomplice had “been feeding Coinbase customer information to hackers in return for bribes,” adding that the crypto exchange was immediately notified of the incident.
However, they did not disclose the identity of the other foreign agents. Meanwhile, TaskUS stated they had fired two employees for illegally accessing information from an undisclosed client.
In the statement, the outsourcing company claims to have “immediately reported this activity to the client,” as they “believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.”
The hackers used the information to attempt to blackmail Coinbase, demanding a $20 million Bitcoin (BTC) ransom to return the sensitive data, which the crypto exchange refused to pay.
In the Securities and Exchange Commission (SEC) May filing, Coinbase affirmed that it was aware that contractors accessing the data “without business need were independently detected by the Company’s security monitoring in the previous months,” claiming that, after the blackmail attempt, they concluded “these prior instances of improper data access were part of a single campaign.”
Following the Reuters report, Coinbase was questioned about when it first became aware of the severity of the data breach. Crypto investors expressed their concerns about a potential lack of transparency, with some inquiring about the reasons for not disclosing the breach months ago.
