coinbase hacking what to do
Published On: February 28, 2023

Victims of Coinbase Account Hacking Have Rights

Stoltmann Law Offices, P.C. is a Chicago-based securities, investor protection, and consumer rights law firm that offers victims representation on a contingency fee basis nationwide. We have represented dozens of victims who have had their cryptocurrency stolen out of their Coinbase accounts by fraudsters. These crooks infiltrate Coinbase customer accounts, one way or another, and then transfer Bitcoin or other crypto assets to third-party wallets through the blockchain. When these investors complain to Coinbase that their accounts were robbed, Coinbase apologizes but tells victims that Coinbase’s user agreement disclaims all liability and responsibility for monetary losses in connection with account hacking. Victims are left stunned that unauthorized access to their accounts, including transfers to unauthorized third parties, was allowed. If your Coinbase account was hacked and you had assets stolen from you, then you could have a claim to pursue against Coinbase through arbitration.

Coinbase Account Hacking Incidents are Not Going Away

It has recently been reported that Coinbase suffered a massive data breach between March 2021 and May 2021. This data breach resulted in the account information of tens of thousands of Coinbase users being disclosed and also revealed a flaw in Coinbase’s API which was exploited by hackers. This flaw allowed a hacker to view Coinbase account holder balances, meaning it essentially allowed hackers to window shop for victims before targeting users with either a SIM-Swap or a phishing scam to gain access to the user’s accounts through fraudulent means.

Coinbase account hacking is not going away. Just last week, a phishing attempt through SMS was made on Coinbase employees. This attack, which apparently did not lead to any user accounts being compromised, involved a scam artist sending an SMS message or alert to Coinbase employee cell phones with a link stating that they need to verify their credentials. Once the link was clicked, the victim was thanked and nothing else happened. One employee clicked the link, and after that, multiple attempts to breach the employee’s Coinbase account were made remotely.

The anonymous and relatively untraceable nature of crypto, specifically Bitcoin and Ether, even in a more depressed market, makes crypto the darling currency of the criminal underworld. The fact that blockchain transactions are allegedly irreversible makes it all the more critical that Coinbase protect its customer accounts with common-sense safety measures, like delayed transfers to un-trusted or non-whitelisted wallets. Coinbase account hacking will continue as long as Coinbase continues to make it too easy for wrongdoers to gain access to client accounts and steal.

Coinbase is Regulated and Must Follow Federal Laws

Coinbase is lightly regulated, to say the least. But it is a money services business and is registered with FinCEN (the U.S. Department of the Treasury's Financial Crimes Enforcement Network). On its website, Coinbase admits that it is required to comply with any number of laws and regulations, including those of each state in which it operates, along with the U.S. Bank Secrecy Act and the U.S. Patriot Act. Coinbase is not a bank or brokerage firm, so although it is regulated, as far as financial services are concerned in the United States, entities like Coinbase are on the fringe of regulation. Crypto is already the wild-wild west of the quasi-securities world and Coinbase is a primary facilitator of that market. Still, Coinbase must follow certain regulations, including what are generally known as the “Know Your Customer” (KYC) Rule and anti-money laundering (AML) rules and regulations. At the state level, in Illinois for example, Coinbase is licensed as a Money Transmitter through the Illinois Department of Financial and Professional Regulation. Just recently, the New York State Department of Financial Services hit Coinbase with a $100 million fine for multiple compliance-related failures and shortcomings.

Coinbase Account Hacks Usually Follow a Familiar Playbook

Coinbase customer account hacks typically follow this playbook. First, through some means a hacker gets into your Coinbase account. This usually happens through a SIM Swap, a phishing scam where a Coinbase customer believes they are communicating with a Coinbase employee but is instead working with an imposter, or some other illicit means. Next, the hacker gets into your email and changes your credentials so that emails from Coinbase are either blocked or go immediately to junk, or just outright changes your password so that you can’t get into your email. Then they get into your Coinbase account, usually from some IP or through a VPN that is not geographically located anywhere near the user (Red Flag 1). Once in the account, and after likely going through a password change and “new device” verifications (Red Flags 2 and 3), the hacker sells whatever crypto you have and converts it all to either BTC or ETH (Red Flag 4). Immediately, the hacker will then transfer the newly minted BTC or ETH to an anonymous wallet, sometimes in tiny increments through hundreds of transactions (Red Flag 5). If something like this were to happen at a fully regulated banking institution or brokerage firm, compliance people responsible for monitoring transactions like this would lose their jobs. But at Coinbase it is likely, if the accounts were being monitored at all, that the person doing it was unqualified.
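
The five red flags above, together with the delayed-transfer safeguard for non-whitelisted wallets mentioned earlier, can be expressed as a transaction-monitoring rule. The following is an added illustration, not Coinbase's or this firm's code; the event fields, thresholds and hold durations are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample session; all field names and values are hypothetical.
T0 = datetime(2023, 1, 1, 3, 0)
EVENTS = [
    {"t": T0, "type": "login", "country": "RO"},
    {"t": T0 + timedelta(minutes=2), "type": "password_change"},
    {"t": T0 + timedelta(minutes=3), "type": "device_verified", "device": "dev-new"},
    {"t": T0 + timedelta(minutes=6), "type": "convert", "to": "BTC", "share": 0.97},
] + [
    {"t": T0 + timedelta(minutes=8, seconds=i), "type": "withdraw", "dest": "addr-unknown"}
    for i in range(40)  # many small transfers to the same unknown wallet
]
PROFILE = {"home_country": "US", "known_devices": {"dev-1"}, "allowlist": {"addr-cold"}}

def red_flags(events, profile, window=timedelta(hours=24)):
    """Return which of red flags 1-5 occur within `window` of the first event."""
    flags = set()
    ordered = sorted(events, key=lambda e: e["t"])
    for e in ordered:
        if e["t"] - ordered[0]["t"] > window:
            break
        kind = e["type"]
        # Flag 1: country is used here as a coarse stand-in for "not near the user".
        if kind == "login" and e["country"] != profile["home_country"]:
            flags.add(1)
        elif kind == "password_change":
            flags.add(2)
        elif kind == "device_verified" and e["device"] not in profile["known_devices"]:
            flags.add(3)
        # Flag 4: assumed threshold, 90% or more of the portfolio moved into BTC/ETH.
        elif kind == "convert" and e["to"] in {"BTC", "ETH"} and e["share"] >= 0.9:
            flags.add(4)
        elif kind == "withdraw" and e["dest"] not in profile["allowlist"]:
            flags.add(5)
    return flags

def withdrawal_action(events, profile, dest):
    """Delay every transfer to a non-allowlisted wallet; escalate as flags accumulate."""
    if dest in profile["allowlist"]:
        return "allow"
    n = len(red_flags(events, profile))
    if n >= 3:
        return "block_and_review"
    return "delay_48h" if n >= 1 else "delay_24h"
```
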

Victims of Coinbase Account Hacking May Have Legal Claims to Pursue

Like our cases against AT&T, T-Mobile, and Verizon for losses in connection with SIM Swap scams, claims against Coinbase have to be brought through the American Arbitration Association (AAA) Consumer Rules process. First though, customers have to comply with a specific pre-dispute complaint process or risk having their case thrown out of arbitration for failing to comply with these policies. If you had more than $50,000 stolen from you as a result of your Coinbase account being hacked or accessed, you should call Stoltmann Law Offices, P.C. at 312-332-4200 for a no-obligation, initial consultation with an experienced arbitration attorney. We are a contingency fee law firm which means we do not get paid unless you do.


The postings on this site are mere OPINIONS and NOT statements of fact in any way whatsoever. The information should not be relied upon and there have been no findings made against the firms or individuals referenced on this site. In addition, this Blog is made available for educational purposes only and incorporates information from the web, to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and Stoltmann Law Offices (161 N Clark Street 16th Floor Chicago, IL 60601). The Blog opinions should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

