Coinbase Global Inc. CEO Brian Armstrong confirmed that a former customer service agent for the largest U.S. crypto exchange has been arrested in India in connection with a high-profile security breach disclosed earlier this year.
The arrest relates to an incident first revealed in May, when Coinbase disclosed that hackers had bribed customer service representatives and contractors outside the United States to gain access to sensitive customer data. The attackers subsequently attempted to extort Coinbase with a $20 million ransom demand after obtaining the information.
Armstrong’s comments, made during a public appearance, confirmed the arrest of the ex-employee as part of the company’s ongoing cooperation with law enforcement authorities. According to Bloomberg News, Indian authorities detained the individual as investigations into the breach progressed.
At the time of the breach, Coinbase, which is headquartered in San Francisco, said that the security incident involved payments to insiders, who then used their credentials to access internal systems housing customer information.
That data was reportedly compromised and leveraged by the attackers in an attempt to coerce the exchange into meeting their ransom demand.
The company described the event as one of the most serious security lapses in the cryptocurrency industry, estimating that it could cost up to $400 million to fully remediate the fallout. Those costs include improving cybersecurity infrastructure, compensating affected customers, and addressing regulatory and legal obligations.
In response to the attack, Coinbase implemented enhanced protections, tightened access controls, and expanded monitoring of internal and third-party staff activities. Armstrong underscored that the company continues to work with international law enforcement and judicial bodies to hold all responsible parties accountable.
The arrest marks a significant development in a case that has drawn attention to the risks posed by insider threats and third-party access in crypto firms.
Security experts have widely noted that breaches involving social engineering and bribery of support personnel represent a growing challenge for digital asset platforms, which must simultaneously protect sensitive data and maintain service accessibility.
Coinbase has not yet disclosed details about whether additional arrests or charges are expected, but authorities and the company continue to investigate the full scope of the breach and its long-term implications for customer privacy and industry security practices.