Court filings in New York have identified Ashita Mishra as a key suspect in a major data breach affecting Coinbase customers, alleging that employees at outsourcing firm TaskUs accepted over $500,000 in bribes to leak sensitive information. The amended class-action complaint, filed in the Southern District of New York, expands on earlier disclosures about criminals infiltrating Coinbase’s support operations in India.
The scheme involved TaskUs employees being paid $200 per photo to capture customer data displayed on their screens, with Mishra allegedly storing personal data from more than 10,000 Coinbase customers on her phone and taking up to 200 photos daily. The conspiracy operated from September 2024 until its discovery in January 2025, using a "hub-and-spoke" model where Mishra and an accomplice directed smaller groups of employees to collect and pass along user records.
Plaintiffs accuse TaskUs of systemic failures and concealment, alleging the company dismissed around 300 staff in January but attempted to silence insiders who raised concerns. The breach resulted in estimated losses between $180 million and $400 million in customer assets, with Coinbase only going public about the incident in May 2025 despite knowing about it in January.
Coinbase has notified regulators and affected users, reimbursed losses, and implemented tighter security controls, including terminating relationships with TaskUs personnel and other overseas agents. The case highlights significant risks in outsourcing critical customer functions in the crypto industry, potentially reshaping how exchanges manage offshore operations.