
Newly unsealed court filings and state records reveal details about a massive data breach at Coinbase, one of the world’s largest cryptocurrency exchanges. The incident, traced to an employee of Coinbase’s customer service contractor TaskUs, exposed sensitive data of more than 69,000 customers.
According to the filings, TaskUs employee Ashita Mishra stole Coinbase user data starting in December 2024. Using her personal phone, she allegedly photographed Social Security numbers, bank account details, and government IDs from Coinbase accounts. She then sold these images to hackers for $200 each.
Hackers used the stolen information to impersonate Coinbase staff in calls and emails, tricking users into transferring funds. Some customers lost their entire retirement savings, the documents say.
The breach was discovered on May 11, 2025, but Coinbase did not notify affected users until May 30, 2025. By then, attackers had already drained many accounts.
Coinbase confirmed the scope of the incident in a Data Breach Notification filed with Maine regulators:
The filing was submitted by Michael Rubin, an attorney at Latham & Watkins LLP, acting as outside counsel for Coinbase.
In a separate SEC filing, Coinbase estimated that remediation costs and voluntary customer reimbursements could total between $180 million and $400 million. The company added that this figure could increase or decrease depending on indemnification claims and potential recoveries.
The lawsuit claims TaskUs learned of the misconduct in January 2025 but sought to contain the damage by firing more than 300 employees and dissolving its internal investigation team instead of disclosing the breach. Plaintiffs accuse TaskUs of negligence, fraud, and breach of contract.
While TaskUs initially downplayed the breach as the work of “two individuals,” investigators allege the scheme involved a wider network of employees and supervisors.
Coinbase has cut ties with the implicated TaskUs staff and said that “rogue overseas support agents” were to blame. The exchange has offered free identity protection services to all affected customers and pledged to tighten internal controls.
Still, victims remain at risk. The lawsuit also said that fraud attempts continue, and some customers fear physical harm now that home addresses and bank details have been exposed.
An employee at Coinbase’s contractor TaskUs stole data for 69,000+ users, selling it to hackers who impersonated support staff and stole up to $400 million from victim accounts.
Enable two-factor authentication, monitor accounts for suspicious activity, and use the free IDX credit monitoring offered by Coinbase, which includes $1M insurance.
Coinbase has strengthened internal controls, but users should always enable robust security features like 2FA and be wary of unsolicited support calls or emails requesting transfers.
The crypto market has been bleeding red over the past few weeks, with Bitcoin hovering…
Bitcoin is once again at a critical level, and traders are asking the big question:…
KITE crypto has quietly transitioned from low-volatility consolidation into full-blown on-chain expansion and the data…
Tether's USDT just posted a $1.5 billion supply drop in February, marking the largest monthly…
Ethereum has quietly crossed a major threshold. More than half of its total supply is…
AI agents can now pay for services using XRP and RLUSD on the XRP Ledger,…