×
A powerful documentary on how Bitcoin and blockchain are reshaping money, power, and geopolitics—from El Salvador’s Bitcoin experiment and Europe’s regulatory revolution to the rise of decentralized finance and the new global financial order.
In a significant turnaround for one of the year's most-watched computer security investigations, a former customer support agent of Coinbase was arrested in India.
The arrest, confirmed by CEO Brian Armstrong on 27 December, is linked to a serious systems breach stemming from incidents of internal corruption and theft of personal data.
The investigation and arrest
Armstrong publicly expressed his gratitude to the Hyderabad Police for their crucial support in this operation. The incident has put the spotlight on the operational management of security on exchanges, raising questions about who has access to support tools and oversight of outsourced teams. Coinbase described the incident to regulators as an extortion attempt based on privileged access obtained through bribes.
According to reports to the SEC, the company received a blackmail e-mail on 14 May, in which the attacker claimed to have internal documents and customer information. This data, stolen from account management systems, was later used to launch sophisticated social engineering attacks against users of the platform.
The Numbers of the Breach
Details filed with the Maine Attorney General's office give a precise chronology:
In addition to the action by local authorities, the US Department of Justice (DOJ) also opened a file in early 2025, adding an additional layer of federal scrutiny on the company's control protocols.
Financial impact: a $355-million bill
The remediation and voluntary reimbursements for customers who lost funds due to the scams took a huge toll on budgets. Although Coinbase had initially estimated costs between $180 million and $400 million, the actual figures are now approaching the upper limit.
In its Q3 2025 letter to shareholders, the company reported 'data theft incident' costs of $48 million in Q3, adding up to $307 million in Q2. The total of $355 million represents about 89% of the maximum forecast, a sign that the most acute phase of the event-related financial crisis may be nearing an end.
The Human Factor and Risks of 2026
The Coinbase incident shifts the focus of cybersecurity away from custodial technology (private keys and on-chain infrastructure) and towards human workflow and identity. Support agents were bribed or recruited to extract information that made identity theft and account takeovers possible.
This vulnerability is not isolated to the crypto sector: Verizon's Data Breach Investigations Report 2025 highlights that third-party involvement in breaches has doubled globally to 30 per cent. For exchanges, the operational response will need to include 'least privilege' designs, session monitoring and out-of-band audits for high-risk changes.
The Regulatory Context
While the Brooklyn District Attorney's office prosecutes a 23-year-old young man accused of stealing $16 million from 100 Coinbase users via phishing, Europe is moving forward with the Digital Operational Resilience Act (DORA), which imposes strict controls on ICT vendors. Even in the UK, the FCA is consulting the industry to define expectations for technology resilience.
For investors and users, the immediate effect is a change in custody behaviour: fear of impersonation and unauthorised access is pushing many towards self-custody, potentially thinning the order books on exchanges for less liquid assets.
Read Next
Coinbase acquires Deribit: breakthrough in crypto trading
Coinbase makes a historic move by acquiring Deribit, the global leader in crypto derivatives, for $2.9 billion.