Recent class action lawsuits filed against popular crypto exchange Coinbase accuse the service of cybersecurity failures and misuse of fees that were ostensibly to be put toward safeguarding accounts. In addition to crypto theft incidents, at least one of the suits alleges that Coinbase locked customers out of their accounts arbitrarily during windows in which they sought to make opportune trades.
Biggest US crypto exchange hit with lawsuits over pilfered funds, account lockouts
A suit filed in the U.S. District Court for the Northern District of Georgia alleges that the crypto exchange harmed its users with arbitrary account lockouts, and that it violated federal law by listing securities on the platform. Coinbase has been seeking SEC approval to become a licensed brokerage for some time, and filed a self-registration statement in May of this year in a bid to reduce its regulatory risk. This suit also makes allegations of failures to prevent crypto theft in a variety of cases.
Another New Jersey lawsuit echoes the charges of unregistered securities trading, and adds that Coinbase misled users in not notifying them that it could potentially seize their assets if the company were to go bankrupt. Along with these two class action suits, there are a number of smaller suits of this nature that are in arbitration.
The Georgia suit uses a 2019 case of a customer being locked out of their account for six months as one of its lead examples of arbitrary access issues. When a Coinbase user is locked out of their account they are asked to contact the crypto exchange’s support team, and if that does not resolve the issue they are directed to a formal complaint process that can apparently take a long period of time to resolve. The complaint alleges that this is primarily caused by the crypto exchange’s rapid growth in recent years and a failure to keep up with customer traffic.
Lawsuits allege endemic security failings, point to crypto theft incidents
The suit also addresses crypto theft along these lines, alleging that Coinbase’s general failure to keep up with its growth has led to failure to establish and maintain adequate cybersecurity measures. The crypto exchange generally has a positive reputation for security, but has experienced several data breaches as recently as last year. An October 2021 attack saw about 6,000 Coinbase accounts compromised after hackers were able to exploit a flaw in the multi-factor authentication system, though the crypto exchange stated that it believes login information was stolen or phished from outside sources in these cases. Coinbase reimbursed customer losses in that case. The platform was also breached twice in 2019 in separate incidents, one of which involved about 3,500 plaintext user passwords stored on a server log.
However, the lawsuits tend to cite individual crypto theft incidents rather than more general data breaches of this type. One of the lead plaintiffs in the class action suits, George Kattula of Georgia, says that an account he opened in January 2022 with a purchase of $6,000 in crypto funds was breached three months later and emptied. Coinbase was only able to recover $1,000 of the funds in that case. Another plaintiff in a California suit, Manish Aggarwal, says that he lost about $200,000 to hackers earlier in the year and was put through a “recursive loop” of automated systems when he tried to obtain assistance from the crypto exchange that ultimately provided no help.
Some of the plaintiffs in the class action lawsuits allege that these account lockouts and platform stability/security issues tend to flare up during periods of market volatility, when crypto exchanges would rather not deal with a “run” of users looking to move or withdraw assets.
The crypto exchange was already dealing with several lawsuits prior to the SEC initiating a probe in July of this year, but that action seemed to break the dam open for claims against the company. The SEC has charged a former company manager with insider trading, as he allegedly made use of privileged information about upcoming token and asset launches. The most substantial of the lawsuits thus far is seeking a minimum of $5 million in damages for crypto theft compensation and lost trading opportunities.
The crypto market in general has had serious issues this year, and Coinbase has not been spared. The crypto exchange announced it was cutting about 1100 jobs in June due to the ongoing “crypto winter,” which CEO Brian Armstrong has said he expects to last for at least another year. But crypto theft issues have thus far been the province of decentralized finance (“defi”) networks, due to a combination of issues: rampant scams, insider schemes and weaker “proof of stake” security systems that hackers have found easier to penetrate.