A revised lawsuit has been filed by the law firm Greenbaum Olbrant concerning the 2024 hack of the cryptocurrency exchange Coinbase, which led to significant data theft affecting thousands of clients. The updated complaint reveals added details surrounding the incident, which has raised concerns regarding data security and insider misconduct.
Previously, investigations traced the breach to bribery involving employees of TaskUs, a global outsourcing firm that provided customer support and moderation services for Coinbase. Recently released documents have pinpointed a suspected conspirator, Ashita Mishra, who worked at TaskUs’s service center in Indore, India.
The lawsuit reports that from September 2024 to January 2025, Mishra and her accomplices allegedly illicitly acquired confidential client data—such as social security numbers and banking information. This information was then sold to hackers, who posed as Coinbase employees to commit fraud against victims.
Additionally, the legal filing suggests that even individuals in higher management positions at TaskUs participated in the conspiracy, with several receiving payments of $200 per image of sensitive Coinbase client data. At the time TaskUs became aware of the breach, it was discovered that Mishra’s phone held information pertaining to over 10,000 exchange clients. The total number of affected individuals exceeded 69,000, representing less than 1% of Coinbase’s active users. The financial fallout from this incident, including remediation efforts and compensations, is estimated at around $400 million.
Sources indicate that the alleged orchestrators of this scheme belong to a hacker group known as The Comm. Following the revelations from the updated lawsuit, a Coinbase representative confirmed to Fortune magazine that the exchange has ended its business relationship with TaskUs. The spokesperson stated, “We immediately notified affected users and regulators, compensated for the damage, tightened control over suppliers and insider information. We refused to pay the criminals and instead announced a $20 million reward for information leading to arrests and convictions.”
Moreover, the lawyers representing Greenbaum Olbrant expressed concerns that TaskUs attempted to suppress knowledge of the breach. A former employee of the outsourcing firm claimed that in January, TaskUs terminated 226 staff members in Indore due to their inability to clearly identify all individuals involved in the breach.
In a related note, Bloomberg had previously reported that competing cryptocurrency exchanges, including Binance and Kraken, successfully countered social engineering attacks that had impacted Coinbase, highlighting an ongoing struggle within the industry to safeguard user information against emerging threats.
