Class Action Alleges Coinbase Failed to Protect EU Customer Accounts from Hackers, Improperly Locked Users Out of Wallets

New to ClassAction.org? Read our Newswire Disclaimer

Coinbase faces a proposed class action filed on behalf of European Union-based (EU) accountholders that claims the major cryptocurrency exchange platform failed to provide adequate security to prevent users’ accounts from being “hijacked” and drained by hackers.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 30-page lawsuit alleges that though it touts itself as a “safe, trusted” platform where customers can buy, sell and trade cryptocurrency with ease, Coinbase—which is operated by defendants Coinbase Global, Inc. and subsidiary Coinbase, Inc.—lacked sufficient security procedures and staffing to protect users’ “wallets,” or accounts, from “widespread successful hacking and fraud.”

In addition, the suit contends that when Coinbase customers reported unauthorized activity in their accounts, the company wrongfully locked them out of their wallets and barred them from accessing their funds for long periods or, at times, permanently.

Lack of access to a Coinbase account and the funds therein can lead to serious financial loss due to the “extreme volatility of cryptocurrencies’ value,” as “freefalls of 40% within 24 hours” have been known to occur, the case explains.

As a result of the defendants’ actions, countless users have had their assets stolen from their Coinbase wallets and then been locked out of their accounts after reporting the fraudulent activity, the complaint charges.

What’s more, Coinbase has also benefitted financially from class members’ misfortunes, as the company charges users fees of at least $3 each time a transfer or funding transaction is made in an account, regardless of whether it is authorized by the accountholder, the filing contends.

Per the lawsuit, the writing was on the wall for Coinbase when a May 2020 examination by the New York State Department of Financial Services (DFS) concluded that the company’s compliance system failed to keep pace with the massive growth of its user base and, by the end of 2021, had a significant “backlog of unreviewed transaction monitoring alerts.”

The suit claims that the company’s failure to adequately monitor customer activity and transactions exposed users to a heightened risk of exploitation by criminal third parties.

In a January 2023 consent order, the DFS found that Coinbase’s customer onboarding practices were particularly concerning, the case relays. The agency determined that the company’s lack of knowledge about its customers—that is, the nature of a user’s business, their verified identity and source of funds—exposed the platform to a greater money laundering and terrorist financing risk, the complaint shares.

In addition, the DFS found deficiencies in Coinbase’s record-keeping and reporting of suspicious activity, the filing says.

“For example, Coinbase was unable to meaningfully respond to the Department’s request for data related to suspicious activity identification, tracking, and reporting that took place in 2018 and 2019 because it did not adequately track or retain that information,” the lawsuit reads.

As the suit tells it, proper and timely investigations of user reports of unauthorized transfers and theft would have “easily led Coinbase to the conclusion that widespread fraud had occurred, and was continually occurring.”

The plaintiff, a French citizen and Coinbase accountholder since 2020, claims his wallet was hacked in August 2021 by an unauthorized third party who sold his cryptocurrency, opened a credit card and withdrew all his cash. The loss the man sustained totaled approximately €11,000, the case says.

After reporting the fraudulent transactions to Coinbase, the plaintiff was “immediately locked out of his account, was granted 24 hours of access and then was locked out again,” the complaint states. Per the filing, the company never credited the man’s stolen funds.

Though the case detailed on this page only covers EU citizens, a case from 2022 looks to represent a class of U.S.-based accountholders who have had similar experiences.

The lawsuit looks to represent current and former Coinbase wallet accountholders in the European Union who, since August 9, 2019, transacted or maintained funds and/or cryptocurrency in their wallet accounts and had such assets stolen as a result of the defendants’ actions and/or failure to implement adequate security measures to protect user assets.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.