Cryptocurrency giant Coinbase has been linked to a massive customer data breach that originated in India, and the damage could cost up to $400 million.

According to six people familiar with the matter, Coinbase actually knew about the leak as far back as January. Still, full details are only now coming to light through a Reuters investigation.

Behind the $400 Million Fallout

At the heart of the breach is an outsourcing partner: TaskUs, a U.S. based firm with operations in India. On May 14, Coinbase disclosed in an SEC filing that part of the breach involved unauthorized access to employee data.

But sources say the situation is far worse. India, an employee of TaskUs was caught taking photos of her work computer using her personal phone, allegedly to leak sensitive Coinbase customer data to hackers in exchange for bribes.

“She and a suspected accomplice were feeding Coinbase customer information to hackers,”

said five former TaskUs employees and one person familiar with the case. The whistleblowers say the incident was witnessed live and reported immediately.

Chain Reaction: The Fallout from Coinbase’s $400M Breach

Following this discovery, more than 200 TaskUs employees were fired in a sudden mass layoff that triggered major coverage in Indian media. Coinbase had originally blamed “support agents overseas” for the breach, but it turns out the problem was far more specific and serious.

Although a lawsuit filed last week in Manhattan had previously hinted at a TaskUs connection, the full scope and timeline of events now raise major questions: When exactly did Coinbase first learn how deep this breach went?

Coinbase Breaks Silence

In its May filing, Coinbase stated:

“Contractors accessed employee data ‘without business need’ in ‘previous months.’”

But only after receiving an extortion demand on May 11 did Coinbase realize that this wasn’t an isolated case, it was part of a broader, coordinated attack.

Coinbase responded with damage control, saying in a statement to Reuters:

“The incident was recently discovered, and it had ‘cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls.’”

Coinbase did not name the other foreign agents involved.

TaskUs Responds

TaskUs, for its part, issued a statement confirming:

“Two employees had been fired early this year after they illegally accessed information from a client, which it did not identify.”

“We immediately reported this activity to the client,” the company said. “We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client.”

A source close to the investigation confirmed that the client was Coinbase and that the events took place in January.

As of now, no arrests have been confirmed. Police in Indore did not respond to requests for comment, and Coinbase has yet to reveal the full extent of the damage.