Coinbase Global Inc. says it’s not responsible for losses stemming from a security breach, according to an account holder who sued in an attempt to recover $96,000 that he says was stolen from him.
Jared Ferguson of Staten Island, New York, claims he received a text from his mobile carrier in May describing a SIM card change request that he hadn’t made. When he restored service to his iPhone the next day with a new card, Ferguson said he learned that almost his entire life savings was gone from his Coinbase account.
Ferguson argues that under state and federal laws, Coinbase, the largest US cryptocurrency exchange, bears responsibility for unauthorized withdrawals. But the company has refused to reimburse him, saying in an email that security of passwords and two-factor authentication codes are his responsibility, according to the lawsuit. Two-factor authentication offers extra security by sending a code, usually to a user’s phone or email.
“Please note you are solely responsible for the security of your e-mail, your passwords, your 2FA codes, and your devices,” Coinbase wrote Ferguson, according to the complaint, filed Monday in San Francisco federal court. “Coinbase’s email disclaimed any responsibility for the hacking of its customers’ accounts,” Ferguson said.
Ferguson claims Coinbase’s security procedure fails to flag and hold “obviously fraudulent and unauthorized transactions.” He says his account was drained in less than eight hours from a new device, immediately after his password was reset and from an IP address not previously associated with his account.
Coinbase is reeling from a plunge in trading volume on its exchanges. Investors and speculators alike deserted crypto as one scandal after another drained confidence in digital assets. At San Francisco-based Coinbase, revenue and trading volume both plummeted in 2022, and the company reported a full-year loss of $2.63 billion.
The company didn’t immediately respond to a request for comment on the lawsuit.