Coinbase Breach Traced to $200-Per-Image Insider Scheme

Newly released court documents have shed light on the Coinbase data breach. A major suspect has been identified in the exploit, which the exchange revealed had impacted ‘less than 1%’ of its monthly active users.

According to court documents, employees at a Coinbase outsourced customer service firm, TaskUs, allegedly stole sensitive customer information. This included Social Security numbers, bank account details, and more.

Sponsored

Sponsored

Court Documents Reveal Insider Plot Behind Coinbase Data Breach 

The incident came to public attention in May 2025. At the time, Coinbase disclosed that attackers bribed rogue support agents to access user data. BeInCrypto reported that the bad actors demanded a $20 million ransom. 

The exchange declined to pay it and instead announced a $20 million bounty for information that could help identify and prosecute those behind the attack. Now, the amended class action complaint, filed in the US District Court for the Southern District of New York, traces the breach back to TaskUs. It is a business process outsourcing company that Coinbase used for customer support. 

“According to personnel knowledgeable of the data breach, in 2024, criminal actors began a campaign of outreach to target and recruit TaskUs employees to join a conspiracy to exfiltrate PII of Coinbase users so that those criminals could steal cryptocurrency assets held by those users. As early as September 2024, TaskUs employee Ashita Mishra joined the conspiracy by agreeing to sell highly sensitive Coinbase user data to those criminals,” the filing reads.

Beginning in September 2024, a TaskUs employee in India, Ashita Mishra, allegedly started photographing sensitive customer records. Mishra then sold the stolen data to outside hackers for roughly $200 per image. The breach’s extent was vast. 

When TaskUs discovered the breach in early January 2025, Mishra’s phone alone held data on more than 10,000 Coinbase customers. Records showed that she took up to 200 photos on some days.  

According to the filings, it was a wider conspiracy involving multiple TaskUs employees who funneled stolen data to organized criminals. 

“Ms. Mishra and an accomplice operated smaller circles of disconnected TaskUs employees who participated in the conspiracy,” the documents revealed.

Sponsored

Sponsored

Furthermore, the complaint highlighted that despite uncovering the breach in early January 2025 and firing roughly 300 employees from its India-based centers, TaskUs and Coinbase did not immediately notify customers. As per the text, 

“Between January of 2025, when they became aware of the Data Breach, and May of 2025, TaskUs and Coinbase disclosed in their Form 10-Ks that they were not aware of any material data breaches impacting their respective companies.” 

Meanwhile, using the stolen details, fraudsters impersonated Coinbase representatives and convinced victims to transfer cryptocurrency into fraudulent wallets. Several plaintiffs report that the breach wiped out their life savings or retirement funds.

“The criminals utilized a standard playbook in order to carry out their scheme, successfully stealing as much as $400 million from unsuspecting victims by Coinbase’s own estimates,” the lawsuit noted.

The breach sparked widespread criticism as users reported being targeted by phishing and impersonation schemes. Furthermore, Coinbase faced a lawsuit following a decline in its stock price, which resulted in substantial investor losses.

In the aftermath, Coinbase severed ties with implicated TaskUs personnel and implemented stricter controls.

“We notified affected users and regulators immediately, reimbursed impacted customers, tightened vendor and insider controls, and ended our relationship with TaskUs,” Coinbase told Fortune.

To further strengthen its defenses, Coinbase says it is tightening its remote-work policies to reduce insider threats and prevent infiltration by foreign operatives, including North Korean actors.

The Coinbase breach illustrates the scale of damage that insider threats can cause in the crypto industry. Despite advanced technical defenses, human vulnerabilities at third-party providers remain an acute risk — one that even the world’s largest exchanges struggle to contain.