Original Title: "Coinbase's Worst Data Breach Ever Exposed: Insider at Fault, Outsourced Customer Support Employee Secretly Takes Photos of Over Ten Thousand Customers' Data, Sells Each Photo for $200"
Original Source: Ben Weiss, Fortune
Original Translation: Yuliya, PANews
In May of this year, Coinbase revealed that hackers had stolen personal data from thousands of customers and used this information to trick victims into surrendering their cryptocurrency. Coinbase stated that this incident could lead to losses as high as $400 million. According to official statements, the hack originated with an insider at an outsourcing company in India, but the largest U.S. cryptocurrency exchange has not disclosed details about the specific individuals involved. The latest court documents have now disclosed the identity of a suspect and their role in the incident, which is the most severe security breach in Coinbase's history.
According to an amended complaint submitted on Tuesday by the law firm Greenbaum Olbrantz in a class-action lawsuit, this hack is connected to TaskUs employee Ashita Mishra. TaskUs is a publicly traded company based in Texas that mainly provides outsourced customer support to large tech companies and operates in low-cost labor markets. Mishra worked at TaskUs's service center in Indore, India.
The lawsuit alleges that starting in September 2024, Mishra began stealing confidential customer data, including social security numbers and bank account information. She agreed to sell this information to hackers, who then impersonated Coinbase employees to deceive victims into transferring their cryptocurrency.
From September 2024 to January 2025, Mishra and another accomplice recruited more TaskUs employees to participate in stealing customer information, forming a "sophisticated and sprawling conspiracy network" to transfer Coinbase customer data to criminals through TaskUs computers. The complaint cited a former TaskUs employee stating that even team leads and operations managers were involved.
By the time TaskUs realized the issue, Mishra had stored data from over 10,000 Coinbase customers on her phone. The lawsuit states that Mishra and her accomplices were paid $200 for each photo, and that she would sometimes take up to 200 photos of Coinbase customer accounts in a day. Coinbase disclosed in regulatory filings that over 69,000 customers were ultimately affected.
According to a previous Fortune report, the masterminds behind this bribery scheme appear to be some teenagers or young adults in their early twenties, affiliated with a loosely organized hacker group called "the Comm."
The allegation that the data theft began in September 2024 is significant because Coinbase had previously stated that the attack occurred in late December.
In another noteworthy development, TaskUs claimed this month that not only external vendors but also internal Coinbase employees were involved in this hacking incident, although the company did not provide further details.
In the wake of the incident, a Coinbase spokesperson told Fortune, "We immediately notified the affected users and regulatory agencies, compensated the impacted customers, strengthened controls over vendors and internal staff, and terminated our partnership with TaskUs. We refuse to pay ransom to criminals and have instead established a $20 million reward to gather information leading to the arrest and conviction of the suspects."
TaskUs did not immediately respond to requests for comment on the amended complaint. Fortune was also unable to immediately reach Ashita Mishra.
TaskUs had previously told Fortune, "The company considers the security of customer and user data a top priority and will continue to enhance global security protocols and training programs."
The account in the complaint is the most detailed to date of one of this year's largest cryptocurrency hacking events, and of the most severe security breach in Coinbase's more than ten-year history.
Other plaintiffs' attorneys had previously sued Coinbase over the hacking incident, and Coinbase had been pushing to have those lawsuits resolved through arbitration. Arbitration has traditionally helped companies mitigate financial losses and negative publicity, perhaps explaining why the class-action law firm chose to sue the outsourcing partner TaskUs rather than directly sue Coinbase.
In the complaint, the law firm accuses TaskUs of "taking measures to keep whistleblowers silent." As previously reported by Fortune, in January of this year, TaskUs laid off 226 employees in India. The complaint cites a former employee stating that the company took this drastic action because the conspiracy group "had so pervasively infiltrated the TaskUs system that the company couldn't identify all involved individuals."
Additionally, on February 10, TaskUs decided to dismiss the HR team originally responsible for investigating the leak incident. The complaint alleges that this was part of "a series of cover-up actions."
The new court filing submitted by Greenbaum Olbrantz is an amended version of the initial complaint filed in May, about two weeks after Coinbase disclosed the hack. The law firm had previously initiated several high-profile lawsuits, including one accusing an airline of selling "window seats" but actually seating passengers next to windows without a view.
Coinbase, for its part, sought to have this lawsuit folded into a consolidated action covering all hack-related cases against the exchange. TaskUs, however, filed a motion to dismiss the lawsuit and to prevent it from being included in the broader consolidation.
Greenbaum Olbrantz co-founder Carter Greenbaum said in a statement, "Our amended complaint has unprecedentedly revealed how this data breach occurred, and we will continue to pursue the legal responsibility of all parties involved."