Original article by Ben Weiss , Fortune

Original translation: Yuliya, PANews

In May, Coinbase disclosed that hackers had stolen the personal data of thousands of customers and used it to trick victims into handing over their crypto assets. Coinbase stated that the incident could have resulted in losses of up to $400 million. Officially, the hack originated from an insider at an Indian outsourcing company, but the largest US crypto exchange has not yet disclosed the specific individuals implicated. New court documents reveal the identity of a suspect and his role in the incident, the most serious security breach in Coinbase's history.

According to an amended complaint filed Tuesday by class action law firm Greenbaum Olbrantz, the hack was linked to Ashita Mishra, an employee of TaskUs. TaskUs is a publicly traded, Texas-based company that provides outsourced customer service support to large technology companies and operates in a low-cost labor market. Mishra worked at TaskUs's service center in Indore, India.

The lawsuit alleges that starting in September 2024, Mishra began stealing confidential customer data, including Social Security numbers and bank account information. She agreed to sell this information to hackers, who then posed as Coinbase employees and tricked victims into transferring their crypto assets.

From September 2024 to January 2025, Mishra and another accomplice recruited more TaskUs employees to participate in the theft of customer information, forming a "complex radial conspiracy network" that funneled Coinbase customer data to criminals via TaskUs computers. The complaint cites a former TaskUs employee who claims even team leads and operations managers were involved.

By the time TaskUs finally realized the problem, Mishra's phone had data on over 10,000 Coinbase customers. The complaint alleges that Mishra and her accomplices were paid $200 per photo, and she sometimes took up to 200 photos of Coinbase customer accounts in a single day. Coinbase disclosed in regulatory filings that over 69,000 customers were ultimately affected.

As Fortune previously reported, the masterminds behind the bribery scheme appear to be young people in their teens or early twenties who belong to a loose hacker group called "the Comm."

The allegation that the data theft began in September 2024 is significant because Coinbase had previously said the attack took place in late December.

In another notable development, TaskUs claimed this month that not only external vendors but also internal Coinbase employees were involved in the hack, but the company did not elaborate further.

After the incident was exposed, a Coinbase spokesperson told Fortune: "We immediately notified affected users and regulators, compensated affected customers, strengthened controls on suppliers and internal personnel, and terminated our partnership with TaskUs. We refused to pay the ransom and instead established a $20 million reward for information leading to the suspect's arrest and conviction."

TaskUs did not immediately respond to requests for comment on the amended complaint. Fortune was unable to immediately locate Ashita Mishra.

TaskUs previously told Fortune: "The company considers the security of its customers and their user data a top priority and continues to strengthen its global security protocols and training programs."

A series of cover-ups

The story painted in the complaint is the most detailed account yet of one of the largest cryptocurrency hacks of the year and the most serious breach in Coinbase's more than decade-long history.

Other plaintiffs' attorneys have previously sued Coinbase over the hack, and Coinbase has been pushing for these lawsuits to be brought into arbitration. Arbitration has historically helped businesses mitigate financial losses and negative publicity, which may explain why the class action firm chose to sue TaskUs, the outsourcing provider, rather than Coinbase directly.

In the lawsuit, the law firm accused TaskUs of "taking steps to silence those with knowledge of the conspiracy." As Fortune previously reported, TaskUs laid off 226 employees in Indore in January. The lawsuit, citing a former employee, claimed the company took this drastic step because the conspiracy group "had so thoroughly infiltrated TaskUs' systems that the company was unable to identify all those implicated."

Additionally, on February 10, TaskUs decided to fire the human resources team that was supposedly investigating the breach, a move the lawsuit alleges was part of a "serious cover-up."

The new court filing by Greenbaum Olbrantz is an amendment to its original complaint filed in May, about two weeks after Coinbase disclosed the hack. The firm has previously filed several high-profile lawsuits, including one alleging that airlines sold "window seats" but actually seated passengers against windowless walls.

Coinbase is seeking to include the lawsuit in a consolidated lawsuit against all hack-related cases against the exchange, while TaskUs has filed a motion to dismiss the lawsuit and block its inclusion in the broader consolidated lawsuit.

"Our amended complaint reveals unprecedented details about how this data breach occurred, and we will continue to work diligently to hold all parties responsible accountable," Greenbaum Olbrantz co-founder Carter Greenbaum said in a statement.

Original link