Newly released court documents have shed light on the Coinbase data breach. A major suspect has been identified in the exploit, which the exchange revealed had impacted ‘less than 1%’ of its monthly active users.
According to court documents, employees at a Coinbase outsourced customer service firm, TaskUs, allegedly stole sensitive customer information. This included Social Security numbers, bank account details, and more.
Sponsored
Sponsored
Court Documents Reveal Insider Plot Behind Coinbase Data Breach
The incident came to public attention in May 2025. At the time, Coinbase disclosed that attackers bribed rogue support agents to access user data. BeInCrypto reported that the bad actors demanded a $20 million ransom.
The exchange declined to pay it and instead announced a $20 million bounty for information that could help identify and prosecute those behind the attack. Now, the amended class action complaint, filed in the US District Court for the Southern District of New York, traces the breach back to TaskUs. It is a business process outsourcing company that Coinbase used for customer support.
Beginning in September 2024, a TaskUs employee in India, Ashita Mishra, allegedly started photographing sensitive customer records. Mishra then sold the stolen data to outside hackers for roughly $200 per image. The breach’s extent was vast.
When TaskUs discovered the breach in early January 2025, Mishra’s phone alone held data on more than 10,000 Coinbase customers. Records showed that she took up to 200 photos on some days.
According to the filings, it was a wider conspiracy involving multiple TaskUs employees who funneled stolen data to organized criminals.
Sponsored
Sponsored
Furthermore, the complaint highlighted that despite uncovering the breach in early January 2025 and firing roughly 300 employees from its India-based centers, TaskUs and Coinbase did not immediately notify customers. As per the text,
Meanwhile, using the stolen details, fraudsters impersonated Coinbase representatives and convinced victims to transfer cryptocurrency into fraudulent wallets. Several plaintiffs report that the breach wiped out their life savings or retirement funds.
The breach sparked widespread criticism as users reported being targeted by phishing and impersonation schemes. Furthermore, Coinbase faced a lawsuit following a decline in its stock price, which resulted in substantial investor losses.
In the aftermath, Coinbase severed ties with implicated TaskUs personnel and implemented stricter controls.
To further strengthen its defenses, Coinbase says it is tightening its remote-work policies to reduce insider threats and prevent infiltration by foreign operatives, including North Korean actors.
The Coinbase breach illustrates the scale of damage that insider threats can cause in the crypto industry. Despite advanced technical defenses, human vulnerabilities at third-party providers remain an acute risk — one that even the world’s largest exchanges struggle to contain.
Source: https://beincrypto.com/coinbase-data-breach-insider-plot-court-documents/
