Original: Ben Weiss, "Fortune"

Translation: Yuliya, PANews

In May of this year, Coinbase disclosed that hackers had stolen personal data from thousands of customers and used this information to trick victims into handing over their crypto assets. Coinbase stated that this incident could lead to losses of up to $400 million. According to official statements, the hacking attack originated from an insider at an outsourcing company in India, but the largest cryptocurrency exchange in the U.S. has not revealed specific information about the individuals involved. The latest court documents reveal the identity of a suspect and the role they played in this incident, marking the most severe security breach in Coinbase's history.

According to a revised complaint submitted by the class action law firm Greenbaum Olbrantz on Tuesday, this hacking incident is related to TaskUs employee Ashita Mishra. TaskUs is a publicly traded company based in Texas that primarily provides outsourced customer support for large tech companies and operates in low-cost labor markets. Mishra worked at TaskUs's service center in Indore, India.

The lawsuit alleges that starting in September 2024, Mishra began stealing confidential customer data, including social security numbers and bank account information. She agreed to sell this information to hackers, who then impersonated Coinbase employees to trick victims into transferring crypto assets.

From September 2024 to January 2025, Mishra and another accomplice recruited more TaskUs employees to participate in stealing customer information, forming a "complex radiating conspiracy network" that transmitted Coinbase customer data to criminals via TaskUs computers. The complaint cites a former TaskUs employee stating that even team supervisors and operations managers were involved.

When TaskUs finally realized the problem, Mishra had already saved data from over 10,000 Coinbase customers on her phone. The lawsuit points out that Mishra and her accomplices received $200 for each photo, and sometimes she would take up to 200 photos of Coinbase customer accounts in a single day. Coinbase disclosed in regulatory filings that ultimately over 69,000 customers were affected.

According to previous reports by Fortune, the masterminds behind this bribery scheme appear to be young individuals in their teens or early twenties, affiliated with a loosely organized hacking group called "the Comm."

The allegations regarding data theft starting in September 2024 are significant, as Coinbase had previously stated that the attack occurred in late December.

In another noteworthy development, TaskUs claimed this month that not only external vendors but also Coinbase internal employees were involved in this hacking incident, although the company did not provide further details.

After the incident was exposed, a Coinbase spokesperson told Fortune: "We immediately notified affected users and regulatory agencies, compensated affected customers, strengthened controls over vendors and internal personnel, and terminated our relationship with TaskUs. We refuse to pay ransom to criminals and instead established a $20 million reward for information leading to the arrest and conviction of the suspects."

TaskUs did not immediately respond to the revised complaint. Fortune was also unable to immediately find contact information for Ashita Mishra.

TaskUs had previously told Fortune: "The company considers the security of customer and user data to be a top priority and will continue to strengthen global security protocols and training programs."

A Series of Cover-Up Actions

The story depicted in the lawsuit is the most detailed account to date regarding one of the largest cryptocurrency hacking incidents of this year and the most severe breach in Coinbase's over ten-year history.

Other plaintiff attorneys have previously sued Coinbase over this hacking incident, and Coinbase has been pushing to have these lawsuits included in arbitration proceedings. Arbitration has historically helped companies mitigate financial losses and negative public opinion, which may explain why the class action law firm chose to sue the outsourcing company TaskUs rather than directly suing Coinbase.

In the complaint, the law firm accuses TaskUs of "taking measures to silence informants." According to previous reports by Fortune, in January of this year, TaskUs fired 226 employees in Indore. The lawsuit cites a former employee stating that the company took this extreme measure because the conspiracy group "had so thoroughly infiltrated the TaskUs system that the company could not identify all the individuals involved."

Additionally, on February 10, TaskUs decided to fire the human resources team originally responsible for investigating the leak incident. The lawsuit claims that this action was part of a "series of cover-up actions."

The new court documents submitted by Greenbaum Olbrantz are a revised version of the initial complaint filed in May, about two weeks after Coinbase disclosed the hacking incident. The law firm has previously initiated several high-profile lawsuits, including accusations against airlines for selling "window seats" while actually seating passengers next to walls without windows.

Coinbase has attempted to consolidate this lawsuit with all hacking-related cases against the exchange. TaskUs has filed a motion to dismiss the lawsuit and prevent it from being included in a larger consolidated lawsuit.

Carter Greenbaum, co-founder of Greenbaum Olbrantz, stated in a release: "Our revised complaint unprecedentedly reveals how this data breach occurred, and we will continue to work to hold all responsible parties legally accountable."

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。