The man, Ben, says it’s still missing despite his appeals to Coinbase, the FBI, the Securities and Exchange Commission (SEC), the Consumer Financial Protection Bureau (CFPB), the Financial Crimes Enforcement Network (FinCEN), lawmakers, and the Better Business Bureau (BBB). In order for Ben to comply with a policy of his employer, we have not used his full name to protect his anonymity.
Ben’s loss is one of dozens reported over the past five years concerning breached accounts on the popular trading platform, which started trading publicly on Wednesday, April 14, and has become the world’s most popular exchange for buying and selling digital currencies. While its popularity may make it a target, Coinbase is not the only cryptocurrency trading platform with consumer accounts that have been hacked.
For its part, Coinbase emphasizes the trading platform itself has never sustained a breach by hackers. Moreover, Coinbase says, unauthorized transactions are rare. In 2020, just 0.004% of customers experienced transactions where their email accounts were taken over, SIM swaps attacks occurred on their cellphones, or other personal information unrelated to Coinbase was breached, according to Coinbase.
“It has become harder and harder to protect all of your online accounts, given the amount of personal information that has become available to bad actors,” Coinbase chief technology officer Philip Martin acknowledged in a recent interview with Yahoo Finance.
He added, “Coinbase acknowledges that these are terrible crimes that can have a significant impact on consumers and believes more awareness and education on how to protect online accounts is critical.”
Victims knock on ‘every possible door’
Still, two legal experts say the U.S. legal and regulatory system does little to compel Coinbase as well as other exchanges to adopt even stronger safeguards for consumer accounts or to refund stolen account assets. These practices stem from “absolutely horrible” laws, arbitration clauses, and virtually zero law enforcement, according to Max Dilendorf, a lawyer who represents cryptocurrency investors.
“They don’t work. It’s just so frustrating,” he said. “I see cases where people lost life savings, then they knock on every possible door.”
Ben is still knocking, and like many cryptocurrency investors, to no avail. In an interview with Yahoo Finance, he described scrambling to deactivate his account following what he thought was a typical sign-in using two-factor email authentication generated from Coinbase’s email address.
“I watched in real time as my portfolio went down and down in value,” Ben said. “From the time I logged in, to the time I deactivated, it was nine minutes. And in those nine minutes, there were four minutes with 18 separate transactions.”
The rapid-fire transactions in Ben’s case consolidated all of his virtual currencies — including bitcoin (BTC), ethereum (ETH-USD), litecoin (LTC-USD), zcash (ZEC-USD), augur (REP-USD), stellar (XLM-USD), dai (DAI), and chainlink (LINK-USD) — into bitcoin cash (BCH-USD), then exported the funds to an external account, he said.
Ben notified Coinbase, which he said prompted a series of frustrating reply emails that appeared to have the hallmarks of bot, rather than human communications. Then came the devastating news: Coinbase said it was unable to reverse the transactions, attributed the loss to a “remote takeover” of his desktop computer, and advised him to report the matter to law enforcement.
He said Coinbase’s explanation that his funds were taken during a remote takeover of his computer seem puzzling because he used…