Revised Lawsuit Reveals Details of Coinbase Hack

Greenbaum Olbrant filed a revised lawsuit on the 2024 Coinbase hack, revealing new incident details.

The law firm Greenbaum Olbrant has filed a revised lawsuit concerning the 2024 hack of the cryptocurrency exchange Coinbase, which resulted in the theft of data from thousands of the platform’s clients. The complaint unveils new details of the incident.

Previously, it was revealed that the breach was linked to the bribery of employees at the international outsourcing company TaskUS, which provided customer support and moderation services for the exchange. The latest document disclosed the name of a suspected conspirator—Ashita Mishra, an employee at TaskUs’s service center in Indore, India.

The lawsuit claims that from September 2024 to January 2025, she, along with accomplices, stole confidential client data, including social security numbers and bank account information. Mishra then sold this information to hackers, enabling them to impersonate Coinbase employees and defraud victims of cryptocurrency.

According to the case materials, even team leaders and operations managers were involved in the conspiracy. They received $200 per photograph of Coinbase client data. When TaskUs learned of the breach, Mishra’s phone contained information on more than 10,000 exchange clients.

In total, over 69,000 people were affected by the breach, which accounts for less than 1% of active users, as previously reported by Coinbase. The exchange estimated the costs of resolving the incident and compensations at $400 million.

According to Fortune magazine, the alleged masterminds of the scheme were members of a disparate hacker community known as The Comm.

In a comment to the publication following the release of the new lawsuit, a Coinbase representative stated that the exchange had terminated its cooperation with TaskUs:

“We immediately notified affected users and regulators, compensated for the damage, tightened control over suppliers and insider information. We refused to pay the criminals and instead announced a $20 million reward for information leading to arrests and convictions.”

Lawyers from Greenbaum Olbrant emphasized that TaskUs “took measures to silence those who knew about the breach.” In January, the outsourcer dismissed 226 employees working in Indore. The company resorted to this extreme measure because it “could not identify all those involved,” according to the complaint, citing a former outsourcer employee.

Back in May, Bloomberg reported that Binance and Kraken were able to fend off attacks using social engineering methods, which had affected Coinbase.