Cybercriminals have long targeted computer networks to steal sensitive data, but a new trend is emerging in the cybercrime landscape: hackers are now recruiting insiders within organizations to extract valuable business intelligence.
Recently, cryptocurrency exchange Coinbase fell victim to such an insider threat. A forensic investigation into the breach revealed surprising details that have since been officially disclosed.
According to information obtained by Cybersecurity Insiders, Coinbase was targeted by a sophisticated attack in January 2025. Hackers bribed employees of TaskUs, a Texas-based firm providing customer support for Coinbase, to steal and relay sensitive information.
In December 2024, two female TaskUs employees accepted bribes to pass on confidential data to the attackers. They were also instructed to recruit additional colleagues, who were subsequently embedded as insiders working on behalf of the hackers.
An internal investigation launched early this year identified these two employees as responsible for leaking information. Further inquiries revealed that the newly recruited staff were also collaborating with the cybercrime group to leak data.
Coinbase confirmed that all implicated employees have been terminated and are under investigation. Additionally, TaskUs is expected to face legal action from U.S. authorities. Employees from both its U.S. and India-based customer support teams may also face consequences. The financial impact of the attack is estimated between $180 million and $400 million.
The hackers, believed to be affiliated with the notorious Lazarus Group from North Korea, are reportedly demanding $20 million to avoid releasing the stolen data on the dark web.
TaskUs, an outsourcing company providing AI-driven risk and response services, has not yet publicly commented on the incident but has initiated its own investigation and promised to issue a formal statement once it concludes.
Join our LinkedIn group Information Security Community!
