In September 2025, court filings revealed detailed information about a significant data breach at Coinbase, the largest U.S.-based cryptocurrency exchange, which affected over 69,000 customers and led to estimated losses of up to $400 million.
The breach, which began in September 2024, involved Ashita Mishra, an employee at TaskUs, a Texas-based outsourcing firm providing customer support services for Coinbase.
Based in Indore, India, Mishra allegedly stole sensitive customer data, including Social Security numbers, bank account details, government-issued IDs, names, addresses, emails, and account balances, by photographing up to 200 customer records daily.
She sold these images to hackers for approximately $200 each, amassing data on over 10,000 customers on her personal device by the time of her arrest in January 2025.
The breach was part of a broader conspiracy described as a “hub-and-spoke” network, where Mishra and accomplices, including team leaders and operations managers at TaskUs, were recruited by a hacker group known as “the Comm,” reportedly composed of young English-speaking criminals.
These hackers used the stolen data to impersonate Coinbase support staff, executing social engineering scams that tricked users into transferring cryptocurrency to fraudulent wallets, with some victims losing their entire life savings or retirement funds.
Coinbase detected suspicious activity in the months leading up to May 11, 2025, when an unknown threat actor emailed the company demanding a $20 million ransom in bitcoin in exchange for not disclosing the stolen data.
Coinbase refused to pay, instead notifying affected users and regulators by May 30, 2025, terminating its relationship with TaskUs, and firing the involved employees. The company also implemented stricter insider controls, tightened remote-work policies, and offered a $20 million bounty for information leading to the arrest and conviction of the perpetrators.
Affected customers were reimbursed, and Coinbase provided one year of free credit monitoring and identity restoration through IDX, including a $1 million insurance policy.
The lawsuit, filed in the Southern District of New York, alleges that TaskUs attempted to conceal the breach by firing 226 employees in Indore in January 2025 and dismissing its HR team that was investigating the incident. It also accuses the firm of failing to implement adequate security measures like encryption or multi-factor authentication.
TaskUs disputes claims of systemic issues, asserting that only two employees were involved and that it promptly reported the breach to Coinbase. The incident has raised concerns about the risks of outsourcing customer support, with Coinbase facing reputational fallout and ongoing lawsuits, though the company is pushing for arbitration to mitigate financial and publicity damages.
For customers, the risk of identity theft and financial fraud persists, as stolen data may circulate on the dark web. Coinbase advises enabling two-factor authentication, preferably hardware-based, using withdrawal allow-listing, and being cautious of unsolicited calls or emails requesting fund transfers.
The breach erodes trust in Coinbase as a secure platform, potentially driving customers to competitors like Binance or Kraken. Public perception of Coinbase’s handling of the incident — refusing the $20 million ransom and delaying disclosure — may further damage its brand.
Reimbursing affected customers and offering $20 million in bounties, alongside legal costs from ongoing lawsuits, strains Coinbase’s finances. Potential regulatory fines from bodies like the SEC or CFTC for inadequate data protection could add further pressure.
Lawsuits in the Southern District of New York, with plaintiffs resisting arbitration, could lead to significant settlements or judgments if Coinbase is found liable for negligence in overseeing its outsourcing partner.
The exposure of Social Security numbers, bank details, and government IDs increases the likelihood of long-term identity theft, fraud, or phishing attacks. Stolen data circulating on the dark web may lead to further exploitation, despite Coinbase’s offer of credit monitoring and $1 million insurance through IDX.
The breach highlights vulnerabilities in outsourcing customer support, likely prompting regulators to impose stricter data protection and cybersecurity standards across the crypto sector. This could raise compliance costs for exchanges.
Other exchanges may reassess their reliance on third-party vendors like TaskUs, potentially shifting to in-house support or more secure outsourcing models with robust encryption and multi-factor authentication.
High-profile breaches can shake investor confidence, potentially leading to short-term declines in cryptocurrency prices or reduced trading volumes as users withdraw funds to self-custody wallets.
TaskUs faces allegations of inadequate security and attempting to cover up the breach by firing employees. This could lead to lost contracts, legal liabilities, and difficulty attracting new clients.
The breach underscores the human element as a critical vulnerability, even in organizations with strong technical defenses. Companies across industries may invest more in employee monitoring, training, and access controls.
The success of “the Comm” in exploiting stolen data via impersonation scams highlights the growing sophistication of social engineering, pushing firms to educate users on recognizing fraudulent communications.
The scale of the breach may spur calls for stronger consumer protections in the crypto space, including mandatory breach disclosures, standardized security protocols, or government-backed insurance for digital assets.
With perpetrators operating across jurisdictions (e.g., India-based employees and English-speaking hackers), international cooperation on cybercrime investigations will be critical, potentially leading to new frameworks for cross-border enforcement.
Coinbase’s response — reimbursements, bounties, and enhanced controls — may mitigate some damage, but the incident underscores the ongoing challenges of securing digital assets in a rapidly evolving threat landscape.