New details in the Coinbase breach – the link to TaskUs and the root of the incident traced back to January raise fresh questions about security practices and contractor collaboration policies.
Third Parties as a Top Risk – Coinbase Proves the Point
The Coinbase security incident is once again under discussion – and likely not for the last time.
Unlike the Bybit case, this investigation lacks the same level of transparency, which ultimately helped Bybit gain strong support from the industry and its community, enabling it to recover its reserves and liquidity relatively quickly.
Still, there is one similarity: both exchanges encountered the risk of third-party unreliability and vulnerability. The latest information from Reuters sheds further light on this. According to the report, Coinbase was aware of unauthorized access to customer data as early as January 2025, as confirmed by six sources, including former employees of TaskUs.
TaskUs is a Coinbase contractor, and it was in their office in India that one of the employees was reportedly caught photographing her work screen using a personal phone. According to three former TaskUs employees and a source familiar with the investigation, the data may have been passed to third parties in exchange for bribes. It is also noted that more than 200 TaskUs employees were dismissed following a large-scale internal investigation.
Coinbase stated that once the source of the leak was identified, the company severed ties with the TaskUs personnel involved, as well as other overseas agents, and tightened access controls. But one issue stands out clearly.
If the sources are correct and Coinbase knew about the incident back in January, then why was the official filing made only on May 14? This raises serious concerns about Coinbase’s internal security policies and incident response procedures.
Conclusion
Coinbase is a critically important infrastructure provider – not only one of the largest crypto exchanges but also the most widely used custodian for a number of major crypto projects.
In other words, it carries an extraordinary degree of responsibility to the entire industry, leaving no room for error – especially when the issue is not a zero-day exploit but the effectiveness of long-standing internal security protocols and procedures.
We can draw a conclusion similar to the one in the Bybit case. Are the contractors’ actions Coinbase’s fault? Of course not. But is it Coinbase’s responsibility to proactively eliminate such risks – given its systemic role in the industry? Absolutely.