Michaela
A suspect has been named in the Coinbase data breach, with New York court filings alleging that TaskUs employees accepted more than $500,000 in bribes to leak sensitive customer data impacting thousands of users.
Key points:
- TaskUs employees allegedly accepted over $500K in bribes to leak Coinbase customer data, exposing information from more than 10,000 users.
- Court filings identify employee Ashita Mishra as a central figure, accused of coordinating a “hub-and-spoke” scheme to gather and distribute sensitive data.
- The breach intensified scrutiny of outsourcing in crypto, as critics warn third-party vulnerabilities could endanger user security and trust.
An amended class-action complaint filed Tuesday in the Southern District of New York alleges that employees of TaskUs, an outsourcing firm working with Coinbase, accepted bribes of $200 per photo to capture customer information from their computer screens. The scheme is believed to have generated more than $500,000, exposing sensitive data from thousands of Coinbase users.
Court filings identify TaskUs employee Ashita Mishra as a key figure in the Coinbase data breach, alleging her involvement began in September 2024. Investigators claim Mishra stored personal information from more than 10,000 Coinbase customers on her phone and captured as many as 200 photos daily. The documents outline a “hub-and-spoke” scheme in which Mishra and an accomplice coordinated smaller groups of TaskUs staff to gather and share sensitive user data.
Filings state that participants in the scheme operated in isolation, with each unaware of the others’ involvement. This structure allowed the operation to persist even if one member was identified or compromised.
The Coinbase data breach exposed a wide array of sensitive customer information, including names, contact details, portions of Social Security numbers, partial banking data, and images of government-issued IDs such as passports and driver’s licenses.
Additionally, the filing accused TaskUs of delaying disclosure, while plaintiffs claimed Coinbase became aware of the breach in January 2025 but did not disclose it publicly until May. By that time, criminals had allegedly stolen between $180 million and $400 million in customer assets. Coinbase later reimbursed customers whose accounts were compromised in the data breach.
In May, Coinbase dismissed the TaskUs employees implicated in the scheme, severed ties with other overseas contractors, and introduced stricter oversight measures, though it has not disclosed the identities of the additional foreign agents involved.
The incident has amplified calls for stronger oversight of outsourcing practices in the crypto sector, with industry observers warning that security gaps at contractors could expose users to heightened risks.
Follow on X
Follow on Instagram
Read More
- Coinbase Pushes DOJ to Block State Crypto Crackdowns, Cites Risks
- Coinbase Reveals How Crypto Projects Can Secure a High-Profile Listing
- Coinbase Pushes UK Blockchain Petition — Could It Spark a Parliament Debate?
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
