New details of the Coinbase data leak scheme revealed: deceived clients and complicity of TaskUs employees

The law firm Greenbaum Olbrant has filed an updated lawsuit concerning the 2024 hacking incident involving cryptocurrency exchange Coinbase, which resulted in the theft of data from thousands of the platform’s clients. The complaint reveals new details about the event.

It was previously reported that the data breach was linked to the bribery of employees from the international outsourcing firm TaskUs, which provided customer support and moderation services for the exchange. The latest document discloses the name of a suspected conspirator: Ashita Mishra, a worker at the TaskUs service center in Indore, India.

According to the lawsuit, between September 2024 and January 2025, she, along with accomplices, stole sensitive customer data, including Social Security numbers and banking information. Mishra then sold this data to hackers, enabling them to impersonate Coinbase employees and trick victims into transferring cryptocurrency.

Court documents indicate that even group leaders and operations managers were involved in the conspiracy. They received $200 for each photograph of a Coinbase customer’s data. By the time TaskUs became aware of the breach, Mishra had information on over 10,000 exchange clients stored on her phone.

In total, more than 69,000 individuals were affected by the data leak, amounting to less than 1% of active users, as previously reported by Coinbase. The exchange has estimated the costs for resolving the incident and compensating victims at $400 million.

As noted by Fortune magazine, the alleged masterminds behind the scheme were members of a loose group of hackers known as The Comm.

In a statement to the publication following the filing of the updated lawsuit, a Coinbase representative announced that the exchange had severed ties with TaskUs:

“We immediately informed affected users and regulatory authorities, compensated for damages, tightened controls over vendors and insider information. We refused to pay the criminals and instead announced a $20 million reward for information that leads to arrests and convictions.”

Greenbaum Olbrant’s attorneys emphasized that TaskUs “took actions to silence those who were aware of the breach.” In January, the outsourcing company terminated 226 employees working in Indore. The company resorted to this extreme measure because it “could not identify all the individuals involved,” according to the complaint citing a former employee of the outsourcer.

It is worth mentioning that in May, Bloomberg reported that Binance and Kraken successfully defended against attacks employing social engineering tactics that had previously impacted Coinbase.