Explosive New Allegations Emerge in Coinbase Hack Tied to TaskUs Employee

BREAKING: Fresh accusations rock the crypto world as investigators uncover deeper connections between the Coinbase security breach and a TaskUs contractor—raising serious questions about insider threats in digital asset security.

THE INSIDE JOB?

Sources reveal the alleged perpetrator exploited privileged access to bypass multiple security layers—not exactly the decentralized protection crypto enthusiasts love to champion. The breach exposes the ironic vulnerability of centralized exchanges despite their promised fortresses.

REGULATORY FALLOUT INBOUND

Watchdogs already sharpen their claws—expect another round of 'we-told-you-so' from traditional finance skeptics. Because nothing makes old-school bankers happier than crypto self-sabotage.

SECURITY THEATER MEETS REAL-WORLD CONSEQUENCES

While exchanges preach impenetrable security, one employee with access proves enough to threaten millions. Maybe next time they'll invest in actual security instead of just marketing it.

TaskUs employee allegedly sold customer data

The latest lawsuit alleges that Ashita Mishra, a TaskUs employee in Indore, India, sold confidential customer data, including Social Security numbers and bank details, to a phishing hacker group. She also recruited other TaskUs employees to carry out the breach in a style described as a hub-and-spoke conspiracy. The investigators uncovered over 10,000 Coinbase customer data points on Mishra’s phone. Mishra was allegedly paid $200 per data record, which she captured for up to 200 customers. 

The hacker group behind the breach was associated with a loose group called ‘the Comm,’ who used the stolen data to impersonate Coinbase staff and deceive customers into giving up their crypto holdings. According to the latest findings, the breach was disclosed in May. The petitioners argued that TaskUs took extra steps to hide the extent of the compromise, including the dismissal of 226 employees in January and the termination of its internal HR team.

TaskUs has been accused of misleading regulators by downplaying the breach in its February FORM 10-K filing. The filing omitted any revelation of a material incident despite the outsourcer later dismissing hundreds of staff linked to the breach. The Indian vendor allegedly continued to assure the regulators that it faced no material breach even as it pursued a $1.6 billion buyout deal with Blackstone. 

Coinbase has distanced itself from the vendor. It immediately notified the regulators and affected customers, reimbursed the impacted accounts, tightened the internal controls, and ended its partnership with TaskUs. In a statement by a Coinbase spokesperson, the exchange refused to pay the criminals and instead created a $20 million reward for information leading to the arrest and convictions.

Coinbase says the vendor actions were systemic

TaskUs, headquartered in Texas, has not yet responded to the accusations but has previously reiterated its commitment to safeguarding client data and confirmed that it has strengthened its security protocols. Coinbase alleged that TaskUs’ actions were systemic and not isolated, citing violations of Section 5 of the FTC Act, which covers unfair practices.

Regulators are expected to take the next step to assess whether TaskUs used sufficient safeguarding methods, such as encryption or multi-factor authentication. They will also assess whether the risk could be avoided and whether the breach exposed customers to identity theft or financial loss. Coinbase, on the other hand, has received multiple lawsuits from the affected customers, although the exchange has so far sought to consolidate the claims and MOVE the case to arbitration. 

Cryptopolitan reported in May that Binance and Kraken may have also been involved in social engineering attacks similar to Coinbase’s. The report stated that hackers attempted to bribe Binance employees to steal sensitive information, even sharing Telegram contacts to coordinate.

Binance utilized AI-driven monitoring to flag and stop the conversations, alongside limiting access to user data for verified customer-initiated calls. Kraken, on its part, denied the allegations, saying it had already warned Coinbase of suspicious activities before its breach. 

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.