Ashita Mishra of TaskUs accused in Coinbase hack
Ashita Mishra, a TaskUs employee, has been detained in India in connection with the largest hack in Coinbase’s history. Court filings describe how customer data was stolen and outline the role of staff at TaskUs’ Indore office.
In May, Coinbase disclosed a major hack in which criminals stole customer data and used it to trick victims into giving away cryptocurrency. The total damage to the exchange is estimated at $400 million. Until recently, the details about those responsible remained unknown, but a new court filing revealed a key suspect: 28-year-old Ashita Mishra, an employee of the Indian outsourcing company TaskUs.
TaskUs is a Texas-based company that provides outsourcing support to large IT companies, including Coinbase, through its service centers in India. According to an amended complaint filed by a class-action law firm, Mishra and an accomplice recruited colleagues to steal customer data starting in September 2024. The operation involved the transfer of Coinbase client information to hackers. The complaint also alleges that even TaskUs executives and managers may have been involved in the conspiracy.
The stolen information included names, phone numbers, email addresses, Social Security numbers of U.S. customers, and bank account details. The hackers used this information for phishing attacks, posing as Coinbase staff to trick customers into transferring their cryptocurrencies to third-party wallets.
A key link in the investigation was Mishra's mobile phone. It contained data from more than 10,000 Coinbase clients, as well as correspondence and technical logs. According to the lawsuit, she and other members of the scheme received $200 for each photo of a screen with a client's account, sometimes taking up to 200 shots per day. According to Coinbase, about 70,000 clients were affected.
The masterminds of the scheme were young members of the hacker group "Comm." The lawsuit also claims the data theft began in September 2024, earlier than the exchange officially reported.
Following the breach, TaskUs fired more than 200 employees in Indore, but not all participants were identified. The lawsuit also alleges a “pattern of concealment” by company management.
Coinbase said it tightened control over outsourcers, refused to pay the criminals, and offered a reward for assistance with the investigation. TaskUs claims it is reviewing security protocols but provided no further details.
Recommended