Paying Indore-based BPO workers better salaries might have avoided the $400 million Coinbase crypto data hack

With the latest $400 million Coinbase database leak, crypto exchanges finally found their kryptonite—the underpaid customer service executive. When Fortune recently broke the story of criminals stealing the personal data of thousands of Coinbase customers, the investigation revealed what most economists already knew.

The weakest link was none other than the set of support agents sitting all the way back in India, and it did not take much to bribe them.

On May 15, Coinbase revealed its biggest security lapse ever, with losses estimated to be as much as $400 million. Even though it put a $20 million bounty on the perpetrators, the Fortune investigation revealed that they were just a “loose network of young English-speaking hackers”.

But at the centre of the leak was a small Texas-based BPO called TaskUs, which operated customer services to Coinbase at a low cost by employing Indians in customer care centres like the one they had in Indore.

TaskUs has been providing customer service to Coinbase since 2017, according to the investigation citing SEC filings. It also delved into how much a BPO worker page—just between $500 to $700 a month.

For India, it is much more than the mean BPO salary, cited Forbes. But in international terms, it is criminally lower than the federal minimum wage in the US. For instance, if someone worked just 20 days a month in 8-hour shifts at $7.25 per hour, they still made $1,160 that month.

And this is exactly why these BPO workers were the “weakest point in the chain” as Sergio Garcia, founder of the crypto investigations company Tracelon, told Forbes. According to the report, TaskUs laid off 226 of its employees working for Coinbase from its Indore service centre.

These underpaid BPO support staff in India were reportedly bribed by teenage hackers, as per the report. Not Russian and North Korean crypto hackers, but a “loose affiliation of teenagers and twentysomethings” who called themselves ‘the Comm’ or ‘Com’.

Using Telegram and Discord, the alleged perpetrators reportedly bribed the BPO agents to gather sensitive customer data, who then gave it a team that was proficient in carrying out social engineering scams.

While the investigation pointed to an “inside job”, it could be reasoned that if TaskUs had paid fair wages to customer service executives who handled queries from people who were pinged them to enquire about cryptocurrencies, this might have been avoided. The 1990 fair wage–effort hypothesis by Akerloff and Yellen and noted economics author Peter N. S. Lee point to the same.

Business