Investigation of Coinbase
Colling Gilbert Wright PLLC is a trial law firm offering representation to defrauded investors and victims of broker negligence nationwide on a contingency fee basis. Our securities litigation attorneys are currently investigating cases against Coinbase wherein the firm’s clients have alleged their accounts have been hacked and their cryptocurrency stolen.
Recent Regulatory Actions:
On January 2, 2023, Coinbase entered into a Consent Order with the New York State Department of Financial Services. This settlement with the New York regulators focused on Coinbase’s compliance failures involving anti-money laundering and Know Your Customer Rules. The Coinbase crypto-exchange has been plagued by problems involving hacking, illegal account activity, and accounts being used as conduits for illegal activity. The New York Regulators have been actively investigating Coinbase’s compliance apparatus since 2020 and at that time found “serious deficiencies in Coinbase’s compliance function across multiple areas.” This Consent Order is sweeping in its scope and tells the tale of a massive company that spent far too little on critical compliance functions designed to protect its customers.
How Does The Consent Order Affect a Potential Claim for Damages?
The Consent Order and DFS investigation is sweeping in scope. It implicates multiple levels of compliance failures at Coinbase, for many years. According to the Consent Order, the “most serious noncompliance concerns Coinbase’s ML/TF compliance program, specifically in its customer onboarding and transaction monitoring obligations. Coinbase has acknowledged its failures in this respect to the Department.” The Order says Coinbase knew about these problems since 2018. The New York State Department also said “During much of the relevant period, Coinbase’s KYC/CDD program, both as written and as implemented, was immature and inadequate.” Fundamentally, Coinbase is required by anti-money laundering rules and regulations to understand and to know the customers who use its platform to trade and store crypto-currency. This is true for banks and investment firms too. When you open your account, you have to provide identification and complete an application. The company is then supposed to run your name and identity through various background services to ensure you are who you say you are; that you haven’t stolen someone’s identity; and to ensure that you are not on any watch lists for terrorism or international criminal syndicates.
On a functional level, this process also means that Coinbase is required to understand the purpose of your account and ensure that “suspicious activities” are reported to the Treasury Department. Financial services companies have specific compliance software and staff whose job is to monitor accounts for “red flags” of potential suspicious activity and money laundering. Crypto is famous for being abused by scammers and thieves due to its relative inability to be traced. The New York regulators discovered that Coinbase had flagged several thousands of accounts and transactions and had no method of follow-up to determine the extent of any breach. Coinbase calls these Transaction Monitoring Alerts. The Consent Order said Coinbase was “overwhelmed” with a backlog of over 100,000 unreviewed alerts and as such, had critically insufficient KYC/CDD programs.
If your account was hacked by a bad actor, it is extremely likely that red flags existed sufficient to trigger one of these Transaction monitoring alerts which should have led to the account and transactions being delayed before the theft was allowed to occur to completion. Almost always, there are password requests changes, new device verifications, and access to your account from an IP address that makes no geographical sense. Then, once access is granted, the hackers typically convert whatever you have in your account to either BTC or ETH, and then immediately transfer it off your account to a non-whitelisted wallet. These wallets, which can easily be looked up, invariably reflect that they are new and that they concentrate numerous inbound transactions, and split them up into hundreds of outgoing transactions, emptying the wallet. This is essentially Money Laundering 101.
Which Coinbase Customers Have Had Their Accounts Hacked?
If your Coinbase account was hacked and your crypto-currency was stolen as a result, you may have an individual claim against Coinbase to pursue through arbitration…most likely in the American Arbitration Association (AAA) forum as the Coinbase customer agreement contractually requires. Our firm is actively partnering with other securities litigation firms around the country to review and represent victims of Coinbase related hacks. If you believe you have lost money related to alleged Coinbase security failures, please contact our offices, for a complimentary case evaluation.