CORAL SPRINGS, Fla., Dec. 7, 2022 /PRNewswire/ — Since 2018, Silver Miller (www.SilverMillerLaw.com) — one of the leading cryptocurrency investor law firms in America — has been aggressively investigating, prosecuting, and resolving hundreds of cases related to account intrusions at cryptocurrency platforms based in the United States. Silver Miller is currently investigating a potential security breach related to numerous account compromises at popular cryptocurrency exchange Coinbase. If you suffered an account intrusion at Coinbase and would like to discuss our investigation, please contact us by e-mailing David Silver of Silver Miller at [email protected] or by calling (954) 516-6000.
On or about September 24, 2021, Coinbase disclosed a purported data breach that had occurred between March 2021 and May 2021, wherein intruders gained unauthorized access to Coinbase customer accounts and moved customer funds off the Coinbase platform. At the time, Coinbase claimed at least 6,000 customers were impacted.
Silver Miller is investigating on behalf of Coinbase customers whose accounts were compromised between March 2021 and the present day account breaches and related harm from fraudsters who conducted SIM swaps targeting them that took advantage of alleged security shortcomings at Coinbase. Coinbase’s Global Intelligence team reportedly confirmed to law enforcement in August 2022 that victims of a specific Coinbase account breach were somehow related to a giant fraud cluster that contained 75,000+ user accounts and 58 accounts. Not only is that language used by Coinbase Global Intelligence ambiguous, Coinbase also told law enforcement that it has additional data that Coinbase did not produce “due to volume.” That large fraud cluster has not been publicly disclosed, and Silver Miller is investigating exactly what that Coinbase Global Intelligence team means and how it affects Coinbase platform users who had their accounts hacked.
According to an online report, Coinbase became the most targeted cryptocurrency platform during that period due to an exploit discovered in Coinbase’s back-end programming. The report alleges Coinbase had an endpoint in its application programming interface (API) that allowed unauthorized intruders to check the balance on any customer account. This alleged vulnerability allowed fraudsters to see account balances despite certain security settings that were enabled on the accounts to prevent unauthorized access.
According to the published report, this exploit was popular for several months and was not patched until December 2021 (outside of Coinbase’s disclosed data breach window). The report further alleges that fraudsters were also able to estimate Coinbase account balances using a tool called Cashbase, which provided hackers indicators regarding account balances using Coinbase’s e-mails to victims. Coinbase’s platform allows an accountholder the option to disable his/her account for a defined period of time as a security measure, and the text message from Coinbase related to the disable link indicates the balance in the user’s account. However, according to the report, that information has proven to be easily exploitable by hackers. Silver Miller’s investigation includes a focus on how those hackers use that information to conduct carefully-timed SIM swaps and related account thefts that are not detected or prevented by Coinbase.
Fraudsters have also allegedly exploited Coinbase’s identity verification protocols in the course of infiltrating user accounts. An example was provided to Silver Miller of a Coinbase user’s real Driver’s License and a fake Identification Card uploaded by a hacker and approved by Coinbase, which allowed the hacker to empty the user’s account following a targeted SIM swap on the user’s cellphone. Our ongoing investigation suggests Coinbase’s security systems appear unable to identify or prevent use of such fraudulent identification criteria as a verified user who is a New York resident being impersonated by someone presenting for verification as “new” ID a California Identification Card with a purported residential address in “New York, NY.”
Silver Miller is investigating how hackers appear to have a working knowledge of how to infiltrate and beat Coinbase’s security platforms. While Coinbase has publicly claimed it has compensated victims for stolen cryptocurrency for the limited data breach between March 2021 and May 2021, Coinbase has not publicly addressed the issues related to hundreds if not thousands of accounts that were compromised after May 2021. Silver Miller has learned of numerous Coinbase account attacks after May 2021 that have not been addressed or resolved by the company, and we continue to investigate those and other unresolved account compromises.
ALL CASES SHOULD BE PUBLIC AND ACCESSIBLE BY THE MEDIA
Silver Miller strongly believes that forced arbitration behind closed doors is a travesty to consumer rights. Just as we advocate that the cryptocurrency space would benefit from regulatory guidance, so too do we advocate for public accountability in the industry and public resolution of consumer disputes. There are currently hundreds if not thousands of cases being hidden from the public, which harms consumers. Consumers benefit when security flaws are exposed to public scrutiny and businesses are forced to improve and enhance their platforms.
Anyone victimized on a cryptocurrency platform who has had money, cryptocurrency, or other valuable assets taken from his/her account should contact Silver Miller to discuss his/her legal options. Silver Miller is at the forefront of cryptocurrency and financial fraud litigation and fights to protect investors.
For more information about our cases, please contact David C. Silver, Silver Miller – Managing Partner at (954) 516-6000 or [email protected].
SOURCE Silver Miller