Coinbase Hack in January: Key Details Revealed

In the latest update on the $400 million Coinbase hack, a court filing has revealed that an insider played a role in the breach. A dishonest customer support agent in India accepted a bribe from cybercriminals to access internal systems, putting the personal information of over 69,000 customers at risk.

This incident shows the increasing concern about human-factor vulnerabilities in cybersecurity and the need for strong measures to prevent such breaches.

Coinbase Hack: New Details Revealed

In a recent post on X , reporter Wu Blockchain shared information about the Coinbase hack reported in May 2025, resulting in the loss of nearly $400 million. A court filing submitted by the class-action law firm Greenbaum Olbrantz on Tuesday connects the breach to Ashita Mishra, a former employee of the exchange's Indian customer service contractor, TaskUs.

Notably, the filing states that the insider has been stealing sensitive data from the exchange customers. As per the filing, Mishra and another accomplice recruited other TaskUs employees to steal customer data in a “sophisticated hub-and-spoke conspiracy that funneled…customer data from TaskUs computers to criminals.”

When the service contractor discovered Mishra’s involvement in the attack, the insider’s phone contained sensitive information of over 10,000 customers. As per the recent complaint, Mishra and others were paid $200 per screenshot or photo of customer accounts. Reportedly, she has taken up to 200 photos daily, affecting more than 69,000 customers.

When Did the Attack Actually Take Place?

Though publicly reported in May, the Coinbase hack actually took place in December 2024, as the crypto exchange revealed. In May, the incident surfaced as the platform revealed that the attackers’ attempted to threaten the team. While the hackers asked for a $20 million in Bitcoin, threatening to release sensitive data, CEO Brian Armstrong denied it and assured customers that only 1% of users were impacted. The exchange added, “No passwords, private keys, or funds were exposed, and Coinbase Prime accounts are untouched.”

Reportedly, TaskUs identified the misconduct in January and terminated over 300 employees, dismantling its internal investigation team. However, they failed to disclose the attack.

The plaintiffs accuse TaskUs of negligence, fraud and breach of contract. Initially, the company downplayed the breach, attributing it to 'two individuals,' but investigators claim it involved a larger network of employees and supervisors, contradicting its' initial assessment.