News
  • ๏ปฟAnjali Belgaumkar
    author-profile
    ๏ปฟAnjali Belgaumkar right arrow
    Author

    Writer by choice, CryptoCurrency Writer, and Researcher by chance. Currently, focusing on financial news and analysis, as well as cryptocurrency news and data. One may not call me a crypto โ€œEnthusiastโ€ but trust me I'm getting there.

    • author twitter
    • linkedin
  • Reviewed by: Qadir AK
    author profile
    Qadir AK right arrow
    Reviewed

    Qadir Ak is the founder of Coinpedia. He has over a decade of experience writing about technology and has been covering the blockchain and cryptocurrency space since 2010. He has also interviewed a few prominent experts within the cryptocurrency space.

    • author facebook
    • author twitter
    • author linkedin
  • 2 minutes read

69,000 Victims, $200 per Photo: India Employee Tied to Coinbase Data Leak

Story Highlights
  • Insider at Coinbase contractor TaskUs stole sensitive data of 69,000+ users, fueling a $400M fraud scheme.

  • Lawsuit alleges TaskUs covered up the breach, while Coinbase offers identity protection amid ongoing risks.

Newly unsealed court filings and state records reveal details about a massive data breach at Coinbase, one of the worldโ€™s largest cryptocurrency exchanges. The incident, traced to an employee of Coinbaseโ€™s customer service contractor TaskUs, exposed sensitive data of more than 69,000 customers.

Insider Breach and Criminal Scheme

According to the filings, TaskUs employee Ashita Mishra stole Coinbase user data starting in December 2024. Using her personal phone, she allegedly photographed Social Security numbers, bank account details, and government IDs from Coinbase accounts. She then sold these images to hackers for $200 each.

Hackers used the stolen information to impersonate Coinbase staff in calls and emails, tricking users into transferring funds. Some customers lost their entire retirement savings, the documents say.

The breach was discovered on May 11, 2025, but Coinbase did not notify affected users until May 30, 2025. By then, attackers had already drained many accounts.

State Breach Notification Filing

Coinbase confirmed the scope of the incident in a Data Breach Notification filed with Maine regulators:

  • Total individuals affected: 69,461
  • Maine residents affected: 217
  • Breach date: December 26, 2024
  • Discovery date: May 11, 2025
  • Cause: Insider wrongdoing
  • Notification method: Written notice, sent May 30, 2025
  • Identity protection services: One year of free credit monitoring and identity restoration from IDX, including a $1 million insurance policy and dark web monitoring

The filing was submitted by Michael Rubin, an attorney at Latham & Watkins LLP, acting as outside counsel for Coinbase.

In a separate SEC filing, Coinbase estimated that remediation costs and voluntary customer reimbursements could total between $180 million and $400 million. The company added that this figure could increase or decrease depending on indemnification claims and potential recoveries.

Alleged Cover-Up by TaskUs

The lawsuit claims TaskUs learned of the misconduct in January 2025 but sought to contain the damage by firing more than 300 employees and dissolving its internal investigation team instead of disclosing the breach. Plaintiffs accuse TaskUs of negligence, fraud, and breach of contract.

While TaskUs initially downplayed the breach as the work of โ€œtwo individuals,โ€ investigators allege the scheme involved a wider network of employees and supervisors.

Coinbase Response

Coinbase has cut ties with the implicated TaskUs staff and said that โ€œrogue overseas support agentsโ€ were to blame. The exchange has offered free identity protection services to all affected customers and pledged to tighten internal controls.

Still, victims remain at risk. The lawsuit also said that fraud attempts continue, and some customers fear physical harm now that home addresses and bank details have been exposed.

Never Miss a Beat in the Crypto World!

Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.

FAQs

What happened in the Coinbase data breach?

An employee at Coinbase’s contractor TaskUs stole data for 69,000+ users, selling it to hackers who impersonated support staff and stole up to $400 million from victim accounts.

What should I do if my Coinbase data was stolen?

Enable two-factor authentication, monitor accounts for suspicious activity, and use the free IDX credit monitoring offered by Coinbase, which includes $1M insurance.

Is Coinbase safe to use after the data breach?

Coinbase has strengthened internal controls, but users should always enable robust security features like 2FA and be wary of unsolicited support calls or emails requesting transfers.

Trust with CoinPedia:

CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.

Investment Disclaimer:

All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.

Sponsored and Advertisements:

Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.

Show More

Related Articles

Back to top button