A new court filing has identified a TaskUs employee, Ashita Mishra, as a central figure in the May breach that exposed thousands of Coinbase customer records.
The amended complaint, brought by the law firm Greenbaum Olbrantz, alleges that Mishra began stealing sensitive data in Sept 2024 while working at a TaskUs service centre in Indore, India.
Allegations against a TaskUs worker
The stolen information, which included personal and financial details, was allegedly sold to hackers who used it to pose as Coinbase support staff and deceive customers into giving away their crypto.
The filing claims employees took photos of account data and passed them to a criminal group that then carried out the scams.
The amended complaint filed Tuesday ties Mishra to the scheme. It says she began taking confidential customer data in Sept 2024, and the data included Social Security numbers and bank details. Mishra allegedly agreed to sell that material to outside criminals.
The complaint says she and another person then brought in co-workers to copy account info. Team leaders and some managers are alleged to have taken part, according to a former TaskUs employee cited in the suit.
How the theft worked?
From Sept through Jan, the complaint claims a hub-and-spoke network moved data off TaskUs systems and into criminal hands. Mishra’s phone reportedly held information for more than 10,000 Coinbase customers and could have earned $500,000.
The filing says workers were paid $200 per photo, and on busy days, an employee could take as many as 200 photos of customer accounts. Coinbase later told regulators that more than 69,000 customers were impacted.
Criminal group and money flow
The complaint links the buyers to a loose group of hackers known as the Comm. Prosecutors and reporters have said members of that group are often teenagers and people in their 20s.
On August 30th, our journalist reported, that the hackers who drained over $300 million from Coinbase used Tornado Cash to mix large Ethereum transfers, which hides transaction paths.
Company responses
Coinbase has said it told users and regulators right away. The exchange says it reimbursed affected customers and tightened controls, and it ended its contract with TaskUs and set up a $20 million reward for tips that lead to arrests. A Coinbase spokesperson also said the company refused to pay the criminals.
TaskUs has pushed back in public statements, and the outsourcer says it is strengthening security and training and that it acted when it discovered suspicious activity.
TaskUs also told the media that Coinbase employees may have been involved, though the company has not released detailed evidence of that claim.
Legal fallout
Greenbaum Olbrantz brought the amended suit after an initial complaint in May. The firm argues the filing gives the clearest view yet of how the breach unfolded.
Coinbase has tried to move related lawsuits into arbitration, a move that can limit exposure and slow public court proceedings. That push likely influenced the law firm’s decision to sue TaskUs instead of suing Coinbase directly.
TaskUs later fired 226 staff members at its Indore site. The complaint says the conspiracy had so many participants that the company could not identify them all. TaskUs has moved to dismiss the lawsuit and to keep this case out of a larger consolidation of hack-related claims.
Other linked incidents
Also, Coinbase lost $300,000 in accumulated token fees when a hostile MEV bot exploited their corporate DEX wallet due to a botched interaction with the 0x Project’s “swapper” contract.
Separately, investigators arrested Rahul Agarwal, a 30-year-old Inidan engineer from Bengaluru, India on July 26 in connection with a $44 million theft from CoinDCX. These events add context to an active year of hacks and high-value thefts in the sector.
What comes next?
The amended complaint asks courts to hold TaskUs accountable and to uncover more details about who else took part.
Regulators and police could use the filing to guide further probes. Coinbase and TaskUs say they will keep tightening controls and cooperating with authorities.