Coinbase Fails to Protect Users’ Crypto Accounts from Theft, Class Action Says
Aggarwal v. Coinbase, Inc. et al.
Filed: August 23, 2022 | Case No. 4:22-cv-04829
Electronic Funds Transfer Act; California Unfair Competition Law; California Consumers Legal Remedies Act
California
Coinbase faces a proposed class action over its apparently poor track record of safeguarding users’ cryptocurrency accounts from unauthorized access and theft and then helping out those whose assets have been stolen.
The 33-page complaint out of California alleges that Coinbase, the largest crypto exchange in the U.S. by trading volume, has failed not only to protect user accounts from “unlawful intrusion and thievery” but to mitigate the effects of thefts after they happen. The suit claims that Coinbase essentially forces theft victims to “navigate a faceless and impenetrable automated ‘customer service’ process that leads nowhere.”
Although Coinbase is “acutely aware” of these “endemic” problems, and has paid fines to regulators, the theft problems plaguing the self-proclaimed “most trusted crypto exchange” persist while users “continue to be fleeced by hackers” who break into Coinbase’s systems, according to the case.
The plaintiff, a Connecticut Coinbase user, says he purchased several hundred thousand dollars’ worth of Bitcoin and believed his investment would be safe stored in an electronic “wallet” on the defendants’ platform. In April 2022, however, hackers accessed the plaintiff’s account, “through no fault of his own,” and locked him out, after which they stole roughly $200,000 of “his family’s hard-earned savings,” the complaint says.
When the man contacted Coinbase, the company directed the plaintiff through its automated complaint process, which the suit describes as “a recursive loop of impenetrable screens” that in no way allowed the user to explain his situation to a human being.
“Coinbase refused to repay Plaintiff,” the case claims. “Nor did it remedy its internal security problems that led to Plaintiff’s losses.”
Between March and May 2021, hackers accessed more than 6,000 Coinbase customer accounts and transferred the individuals’ funds off the platform, the lawsuit shares. The breach reportedly occurred as a result of hackers taking advantage of Coinbase’s SMS account recovery process, which involved a one-time authentication code a user would need to input to create a new password for their account, according to the complaint.
Following the incident, Coinbase claimed that it beefed up its SMS account recovery protocols to prevent further bypassing of the authentication process, and that it had refunded customers whose assets were stolen during the hack, the lawsuit relays.
The case charges, however, that whatever security upgrades Coinbase implemented after the 2021 incident, including an outsourced security program called Google Authenticator, have been insufficient to protect users in the time since.
Ultimately, Coinbase admitted to the plaintiff that whoever accessed his account and drained his Bitcoin had obtained the correct Google Authenticator code to gain access, the suit says. This is important, per the complaint, because the plaintiff “logged into Coinbase through his phone, and his phone never left his control during the attack.”
“In light of these facts, the only explanation for how Plaintiff’s account was emptied is that a third party—either a hacker or Coinbase employee—was able to see Plaintiff’s Google Authenticator Code on Coinbase’s system because Coinbase did not take sufficient care to prevent access to that information.”
As the lawsuit tells it, Coinbase’s “intransigence” in refusing to refund the plaintiff could stem from an “unlawful” disclaimer of liability buried in the middle of more than 45,000 words that make up the user agreement on the defendants’ website.
The case looks to cover all current and former Coinbase users and/or consumers in the United States who registered for a Coinbase account from April 1, 2021 through the date the class is given notice, and who maintained funds and/or cryptocurrency in their Coinbase accounts and were subsequently deprived of access to or lost their assets.