Molly White (@molly0xfff@hachyderm.io)

33d

Customer lost $350,000 in September 2022 to a phishing attack from a scammer that the customer said had “confidential information that could have only been obtained with direct access to Coinbase’s database”.

#crypto #cryptocurrency #Coinbase

14. Mr. Spilker took many protective measures to keep his account safe. He proactively took steps to secure his account with multifactor authentication safeguards and even purchased and used Yubikey, a hardware authentication device that is supposed to prevent phishing thefts. 15. Mr. Spilker also took adequate steps to protect his account information. He did not share his private keys or password with any third parties.

ALT

42. The thief called Spilker on his cell phone and claimed to be an agent calling on behalf Coinbase to report a security breach. Mr. Spilker was suspicious so requested confirmation that the caller was truly a Coinbase representative. 43. The thief responded by reciting confidential information that could have only been obtained with direct access to Coinbase’s database. 44. Specifically, the thief recited Spilker’s transaction history to him as well as certain account specifications that should have only been known to Coinbase. 45. The thief reported that there was a compromise to his account and stated that Coinbase would convert his Ethereum coins to cbETH in order to protect them.

ALT

1 0 0 View Post & Replies See Original

33d

Coinbase didn’t prevent the suspicious transfers, allegedly wiped customer’s transaction history, blamed the customer for the loss, then refused to reimburse. Arbitration concluded with $0 reimbursement.

#crypto #cryptocurrency #Coinbase

56. To add insult to injury, Coinbase wiped clean the transaction history on his account. This was either reckless destruction or a deliberate tactic to keep Spilker from discovering the full extent of his losses. Case 3:25-cv-02573-LB Document 1 Filed 03/14/25 Page 26 of 134 13 57. Perhaps even more damaging is that it left Mr. Spilker without the requisite documentation to accurately file his taxes. 58. Coinbase went to great lengths to cover up its fraud. Coinbase dismissed his concerns, suggesting that he was conflating the cbETH launch (which permitted unwrapping) with the actual merge (which would permit unstaking). 59. Following a demand for repayment, Coinbase informed Mr. Spilker on February 14, 2023 that it would not reimburse his account, and blamed Spilker for supposedly taking inadequate safety measures.

ALT

Coinbase’s Failures to Take Reasonable Care 61. Coinbase should have prevented these unauthorized transactions based solely on the unusual timing of the consumer having his credentials changed, a demand from Mr. Spilker to lock his account, the previously unused wallet where the funds were sent and the unstaking of assets that were supposedly immobilized. 62. Other cryptocurrency exchanges do not allow these same criminal transfers because those exchanges use standard security measures which include freezing an account when certain actions – such as password changes and attempted transfers to newly linked wallets – occur, until the exchange verifies an account holder’s identity.

ALT

3 0 0 View Post & Replies See Original

33d

Arbitrator found the complaint had been filed too late, and that the customer had admitted that a third party rather than a Coinbase insider had performed the theft. Doesn’t appear the arbitrator investigated the claims of a possible breach, or how the hardware MFA was bypassed.

#crypto #cryptocurrency #Coinbase

Here, it is undisputed that the unauthorized transfers occurred between September 7 and 9, 2022. Thus, Claimant needed to file his Demand by September 7, 2023. Claimant, however, did not initiate this action until January 5, 2024—well over one year later. Claimant’s EFTA claim is consequently barred by the applicable statute of limitations. In its opposition, Claimant contends that the limitations period began running only after Respondent’s refusal to investigate or refusal to refund Claimant’s account. (Opp., at 4-5.) Claimant cites no authority to support its assertion that the statute runs at a later time (such as upon completion of the exchange’s investigation). Moreover, even if the Arbitrator were to adopt Claimant’s unsupported view of the law, the undisputed facts show that Respondent investigated his complaint in September 2022 (the same month as the loss) and informed Claimant on October 1, 2022 following its investigation that his account was compromised by a third party, and that Coinbase was unwilling to reverse the transactions. Even under Claimant’s proposed rule, his claim had to be filed no later than October 1, 2023, still many months before he actually initiated this Arbitration. Second, the undisputed facts show that a third party, not Coinbase, caused Claimant’s damages. Causation is an essential component of all of Claimant’s causes of action. While Claim

ALT

Claimant does not dispute these facts in its briefing. In other words, Claimant’s damages were the result of an intervening and superseding cause: the actions of a third-party scammer. Coinbase, as a matter of law, cannot be held liable for Claimant’s damages. See May v. Google, LLC, No. 24-CV-01314-BLF, 2024 WL 4681604, at *10 (N.D. Cal. Nov. 4, 2024). Third, Claimant’s supplemental production also eviscerates many of Claimant’s other causes of action. For example, in his Demand, Claimant alleges that Coinbase never advised users that staked ETH could be wrapped and traded before his September 2022 loss. In its Motion and Reply, Coinbase previously relied on public statements announcing the launch of cbETH as early as August 2022. Claimant’s belated production, attached to Respondent’s supplemental briefing, also contains undisputed facts that Claimant was himself actually informed about cbETH’s launch before his funds were stolen. This disclosure significantly undermines Claimant’s misrepresentation claims under common law, securities law, and commodities law. Fourth, the parties’ contract forecloses many of Claimant’s causes of action. For example, Claimant’s breach of contract claim is undercut by section 6.6 of the UA, which explicitly apportions the risk of account compromises to Claimant as the user: “Any loss or compromise of . . . your personal information may result i

ALT

Coinbase, about anything, to anyone. As a final example, Claimant’s CLRA cause of action likewise fails, as courts have consistently held that the CLRA does not apply to cryptocurrency exchanges like Coinbase. Jeong v. Nexo Fin. LLC, 2022 WL 174236, at *23 (N.D. Cal. Jan. 19, 2022); see also Suski v. Marden-Kane, Inc., 2022 WL 3974259, at *7 (N.D. Cal. Aug. 31, 2022) (dismissing CLRA claim with prejudice as cryptocurrency was not a “good” and Coinbase’s cryptocurrency exchange was not a “service”); Doe v. Epic Games, Inc., 435 F. Supp. 3d 1024, 1046 (N.D. Cal. 2020) (“Plaintiff’s CLRA claim therefore fails because the virtual currency at issue is not a good or service.”). As other legal issues and undisputed facts bar relief, the Arbitrator need not address the remaining reasons why Claimant’s Demand fails. The Arbitrator joins Respondent in noting that Claimant’s loss is unfortunate, regrettable, and upsetting. Claimant lost considerable funds, was clearly injured, and was the victim of a terrible scammer who feeds off other people’s misfortune and hard work. But the wrong-doer is not a party to this Arbitration. And the law and the parties’ contract ultimately do not make Coinbase responsible for Claimant’s loss based on the circumstances. IV. CONCLUSION Respondent’s Motion for Summary Judgment is GRANTED. Claimant’s claims against Coinbase are dismissed. The final hearing, a

ALT

3 0 0 View Post & Replies See Original

33d

@molly0xfff And once again, the daily possibility of some form of hack is considered absolutely improbable. 😅

Maybe because accepting it would mean a lot of uncomfortable consequences …

Edited 33d ago

0 0 0 View Post & Replies See Original

33d

@molly0xfff God damn. Coinbase stole this guy's money straight up

0 0 0 View Post & Replies See Original

32d

As far as the 'filing too late' is concerned, one must love this tiny item in Coinbase's agreement:

'a. Claimant’s EFTA cause of action is time-barred because the “one-year limitations period begins when the first unauthorized transfer occurs, not upon discovery by the consumer, and not when the consumer notifies the defendant of the unauthorized transfer.” '

So much for having your coins 'peacefully' at Coinbase. You have to stay constantly alert.

@molly0xfff

0 0 0 View Post & Replies See Original