The inside story of Coinbase's largest "data breach" in history: outsourcers conspired with hackers to sell each data for $200

Amended class action documents filed in the Southern District of New York court reveal more details about the largest data breach in Coinbase history.
(Previous summary: Data of 69,000 Coinbase users leaked. Official: Maximum compensation of US$400 million, refusal to pay hacker ransom)
(Background supplement: Base chain announced that it is exploring "issuance of tokens", why did Coinbase reverse its promise not to issue tokens?)

Coinbase, a listed cryptocurrency exchange in the United States, received a ransom note from a hacker in May this year, and the hacker claimed to have mastered Coinbase. Later, Coinbase submitted documents to the U.S. Securities and Exchange Commission (SEC) confirming that 69,461 user information was leaked.

Affected information includes names, addresses, phone numbers, government identification documents, bank account details and transaction records. Although user login credentials and core wallets were not directly compromised, hackers used these data to conduct a large number of social engineering attacks, pretending to be Coinbase employees to defraud users, causing significant financial losses.

After the incident was exposed, Coinbase promised to fully compensate affected users and provide free identity protection services for one year. However, it delayed publicizing the incident until May (the incident can be traced back to September 2024), which triggered criticism from users and regulators.

New York court documents reveal: TaskUs employees accepted bribes and leaked secrets

Recently, according to an amended class action document filed in the Southern District Court of New York, the man behind the data leakage pointed to Coinbase’s outsourcing partner: the American business process outsourcing company TaskUs. Investigations revealed that criminals successfully penetrated into Coinbase's operating systems and stole a large amount of user information by bribing TaskUs customer support employees in India.

According to reports, TaskUs employees are accused of taking photos of Coinbase customer information displayed on computer screens and passing the photos to hackers for a price of $200 per photo. The investigation named an employee, Ashita Mishra, to have been involved in crimes since September 2024. She took up to 200 photos a day and stored the personal data of more than 10,000 users on her mobile phone. Moreover, the criminal gang adopts a "hub and spoke" model. Mishra and his associates direct multiple small groups to perform tasks, and the participants are unaware of each other. The complaint estimates that TaskUs employees received more than $500,000 in bribes through this method, equivalent to the combined annual salary of more than 100 employees in India.

The documents accuse TaskUs of systemic management failures and failure to effectively monitor employee behavior. In January 2025, TaskUs fired about 300 employees involved after discovering the breach, but the plaintiffs claim that the company tried to suppress the internal investigation, even fired the human resources personnel who raised concerns, and delayed disclosing the incident to Coinbase and the public, causing the losses to expand.

Follow-up handling of Coinbase and TaskUs

Coinbase took quick action after the incident was exposed, terminating cooperation with the TaskUs employees and other overseas agents involved, and offering a reward of US$20 million to capture the hackers. TaskUs is facing a reputation crisis. As a well-known BPO provider in the world, its management loopholes have also affected its cooperation with other technology companies.

Analysts pointed out that this incident highlights the risks of outsourcing sensitive business in the cryptocurrency industry, and may prompt exchanges to re-evaluate their overseas operating models in the future. The case is currently still in judicial proceedings, and subsequent developments will further affect the liability of Coinbase and TaskUs.