Coinbase Contractor Taskus insiders have stolen sensitive data from over 69,000 users, promoting a $400 million fraud scheme.
The lawsuit alleges that Taskus concealed the violation, but Coinbase offers identity protection amid ongoing risks.
New, unsealed court filings and state records reveal details about a massive data breaches at Coinbase, one of the world’s largest cryptocurrency exchanges. The incident traced employees of Coinbase customer service contractor Taskus, revealing sensitive data from more than 69,000 customers, resulting in an estimated loss of $400 million.
Insider Violation and Crime Plans
According to the submission, Taskus employee Ashita Mishra stole Coinbase user data from December 2024. It is said that she used her personal phone to photograph her Social Security number, bank account details and government ID from her Coinbase account. She then sold these images to hackers for $200 each.
Hackers used the stolen information to impersonate Coinbase staff as phone calls and emails to transfer funds to users. Some customers have lost all their retirement savings, according to documents.
The violation was discovered on May 11, 2025, but Coinbase did not notify affected users until May 30, 2025. By then, the attackers had already discharged many accounts.
State violation notification application
Coinbase confirmed the scope of the incident in a data breach notification filed with Maine regulators.
- Total individuals affected: 69,461
- Affected Maine residents: 217
- Violation date: December 26, 2024
- Discovered date: May 11, 2025
- Cause: Insider’s fraud
- Notification Method: Written Notice Sent on May 30, 2025
- Identity Protection Services: One year free credit surveillance and IDX repair from IDX, including $1 million insurance contracts and dark web surveillance
This submission was filed by Michael Rubin, an attorney for Latham & Watkins LLP, acting as external counsel for Coinbase.
Taskus claims of cover-up
The lawsuit alleges that it learned of the illegal activity in January 2025 but attempted to contain the damage by firing more than 300 employees and disbanding an internal investigation team instead of disclosing the violation. Plaintiffs accus Taskus of negligence, fraud and breach of contract.
Although Taskus initially downplayed the violation as a “two individual” job, investigators argue that the scheme relates to a wider network of employees and supervisors.
Coinbase response
Coinbase said it cut connections with the Taskus staff involved and “Rogue’s overseas support agent” will take responsibility. The exchange has committed to providing free identity protection services to all affected customers and strengthening internal controls.
Still, the victims are at risk. The lawsuit also continues to attempt fraud, with some customers fearing physical harm now that their home address and bank details have been exposed.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
