Coinbase CEO Brian Armstrong has said that an ex-Coinbase customer service agent has been arrested in India, months after the crypto exchange uncovered a major insider‑driven data breach and extortion attempt.
In a post on X, Armstrong wrote: “We have zero tolerance for bad behaviour and will continue to work with law enforcement to bring bad actors to justice. Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.”
This is the first clear public confirmation from Coinbase’s top executive that Indian police have arrested a former support agent tied to the case.
We have zero tolerance for bad behavior and will continue to work with law enforcement to bring bad actors to justice.
— Brian Armstrong (@brian_armstrong) December 26, 2025
Thanks to the Hyderabad Police in India, an ex-Coinbase customer service agent was just arrested. Another one down and more still to come.
Coinbase reportedly stated to international agencies that the arrest is connected to an earlier security incident in which hackers bribed overseas customer support staff to copy sensitive customer data. A company spokesperson also reportedly linked the latest development to recent work with the Brooklyn District Attorney’s Office in the US, where prosecutors charged a man with a long‑running impersonation scheme targeting Coinbase customers.
Coinbase’s May breach disclosure
On May 14, 2025, Coinbase published a detailed blog titled “Protecting Our Customers – Standing Up to Extortionists”, describing how cybercriminals bribed a small group of “rogue overseas support agents” to steal data relating to less than 1 per cent of active users.
The attackers then tried to extort Coinbase, demanding $20 million to cover up the theft; the company refused, said it would reimburse affected customers and warned that fixing the damage could cost up to $400 million.
Coinbase stressed that the attackers did not obtain login credentials, private keys or direct access to customer funds, but that stolen information such as addresses and ID details could be misused for fraud and impersonation.
The company said at the time that the insiders were fired and referred to US and international law‑enforcement agencies, and that it would “press criminal charges”.
Last week, the company announced it was “committed to working with law enforcement to trace funds, support victims, and pursue accountability”. This came at the heels of the Brooklyn District Attorney’s Office announcing charges against a Brooklyn man accused of running a long-running impersonation scheme targeting Coinbase customers across the US.
Crypto scams aren't anon.
— Coinbase 🛡️ (@coinbase) December 19, 2025
Coinbase is committed to working with law enforcement to trace funds, support victims, and pursue accountability.
We're proud to have helped the Brooklyn DA bring justice in a long-running impersonation scam. And thanks @zachxbt for your contributions. pic.twitter.com/zXRLRSFEEp
“The defendant allegedly posed as a Coinbase representative, used social engineering tactics to convince victims their accounts were at risk, and then directed them to transfer funds to wallets controlled by the scammer, resulting in nearly $16 million in alleged thefts from about 100 victims, with more than $600,000 recovered so far,” noted Coinbase.
The latest arrest in India is part of a wider hunt for cryptocurrency fraud. On Thursday, Gurugram Police said they arrested three men from Rajasthan for allegedly using social media platforms to cheat people, luring them into fake cryptocurrency investment schemes.
