Articles Tagged with Coinbase

Chicago-based Stoltmann Law Offices is representing clients who’ve suffered losses from advisors who sold clients cryptocurrencies that have lost value and investors who have lost funds due to identity theft, fraud, and hacking involving their crypto-currency accounts.  One of the biggest stories in finance, has been the epic crash of cryptocurrencies, which were pitched as profitable alternatives to cash, stocks, and bonds. “Cryptos” were sold as sure-fire hedges against inflation, but as inflation continued to rise, digital currencies kept heading south in a big way.

Worse yet, the overselling of cryptos has been tied to $1 billion losses in outright scams involving more than 46,000 people, according to the Federal Trade Commission (FTC). As with most swindles, investors were enticed with the promise of quick wealth with no risk. The “Crypto Crash” goes beyond the perils of high inflation and supply chain issues, though. Many observers believe the promise of crypto wealth is actually a Ponzi scheme that’s not linked to any underlying legitimate investment and is fueled by a stream of new investors being duped by the illusion of instant wealth.

The decline in some cryptos has been devastating. According to Robert Reich in The Guardian: “TerraUSD, a `stablecoin,” – a system that was supposed to perform a lot like a conventional bank account, but was backed only by a cryptocurrency called Luna – collapsed, losing 97% of its value in just 24 hours, apparently destroying some investors’ life savings.”

Stoltmann Law Offices, P.C. represents investors who have lost cryptocurrency as a result of hacks and theft from their accounts.  In December 2021, a security breach at crypto-exchange BitMart resulted in customers losing more than $200 million in cryptocurrency.  What is newsworthy, is that since May 2022, the Federal Trade Commission has been investigating BitMart in connection with this hacking incident.  According to court filings, the FTC is evaluating 1) whether BitMart engaged in deceptive, unfair, or otherwise unlawful acts or practices regarding the marketing and representations made by BitMart to its clients about account security, in violation of Section 5 of the FTC Act, 15 U.S.C. Section 45; and 2) violations of Gramm Leach Bliley Act, 15 U.S.C. Sections 6801-27, which is a federal law that, amongst other things, requires financial institutions to protect the private information of its customers.

This investigation is significant because it is reportedly the first time the FTC has investigated the crypto-exchange market. Surely, the ten-fold increase in crypto-related hacks and identity thefts from 2020-2021, has drawn the attention of the FTC, which investigates scams and identity thefts on behalf of consumers. Also significant is the possible application of the Gramm-Leach-Bliley Act to crypto-currency exchanges.  Since their inception, exchanges like Coinbase, Voyager, and Gemini, to name a few, have heavily lobbied Washington to stay out of their business.  These exchanges are profit centers for their owners and shareholders and they do not need layers of consumer protection regulations to crimp their style. Recently, as hacking, identity theft incidents, and bankruptcies rock the crypto-exchange world, whispers of CFTC and SEC regulations are becoming calls for action.

Crypto-Exchanges argue consistently that cryptocurrencies like Bitcoin are not securities – because if they are, then the purchase, sale, and exchange of Bitcoin will have to be handled like any securities transaction offered through a brokerage firm. What’s the big deal?  Securities Exchange registration would require companies like Coinbase to spend exponentially more money on compliance, surveillance, and supervision of accounts to ensure record keeping, and security, as opposed to taking all that money they generate in transaction fees, and allowing their founder to buy the most expensive real estate in Los Angeles County.  Notwithstanding all of the representations about account security and how crypto-exchanges prioritize account security, their resistance to registering as securities brokers/dealers should tell consumers all they need to know about how they prioritize consumer protections over profit.

Chicago-based Stoltmann Law Offices is representing investors who’ve suffered losses from firms that have not protected crypto assets. In this cyber age, some of the biggest thefts don’t involve masked robbers and guns. They happen online as thieves are increasingly stealing digital currencies and Non-Fungible Tokens (NFTs), which are valuable digital images. In the first quarter of this year alone, cyberthieves have robbed some $1.3 billion in hacking events, according to Atlas VPN.

How do thieves pull off these heists? They break into so-called online “digital wallets,” or online exchanges where investors store cyber currencies like Bitcoin. Unlike bank vaults with thick steel doors, these virtual storerooms can be accessed any number of ways through the internet. Third parties act as repositories for the currencies and include:

  • The Ethereum ecosystem was hacked 18 times, resulting in a loss of almost $636 million.

Chicago-based Stoltmann Law Offices represents victims of SIM-Swap fraud nationwide on a contingency fee basis. Typically, SIM-Swaps end-run is designed to pillage a victims’ financial accounts.  Although SIM Swaps put many types of accounts at risk, the vast majority of SIM Swap scams lead to the unauthorized access by a fraudster to the victim’s crypto-currency accounts held with companies like Coinbase and Voyager.

These scams have different varieties, but they boil down to the same theme.  Some how, but usually by social engineering or pretexting, an impersonator contacts your cellular telephone carrier, like T-Mobile, AT&T, or Verizon, and either 1) requests that the SIM card – The special identification key linked to your phone number that is unique to you and is what allows your phone to communicate with the cellular network – be transferred, ported, or “swapped” to a new device or phone; or 2) that it be ported over to a new carrier (like T-mobile to AT&T). In either scenario, the carrier then fails to properly identify the fraudster as an impersonator for myriad reasons, and transfers the SIM to a phone that is in the possession of a crook.  The crook, who already has built a file on the victim, goes to Coinbase, for example, and requests to change a password. When that information is confirmed by Coinbase, and because the real user has taken steps to protect their account, Coinbase fires off a message to the cell phone number on file, containing an authorization code, which the criminal now gets, not the real account owner. Armed with the authorization code, the crook changes the password, walks into the Coinbase or Voyager account right through the front door, typically converts whatever crypto-currency is in the account to either Bitcoin or Ethereum, and then transfers it out of the account to an anonymous wallet in the possession of the crook.  Your crypto is gone.  You will spend days emailing Coinbase or Voyager, desperate to speak to an actual human who you think can help you. But they will not. They will tell you they are sorry, but that there is nothing they can do about it. If this seems like a bad dream or some horror story reserved for a camp-fire, it is not. This is a real scam that happens countless times, every day, all over the country.

Just today, a story was posted by the Honolulu Star-Advertiser about the FBI warning of “growing SIM-Swapping threat.” The FBI stated that the FBI Internet Crime Complaint Center received 1,611 SIM Swap complaints in 2021, compared to a total of 320 from January 2018 through the end of 2020. This massive increase, according to the FBI, cost victims at least $68 million. Importantly, these are only those complaints reported to the FBI ICCC.  The real numbers are likely much higher than what is being reported by the FBI.  The FBI advised cellular carriers to do better: to educate their employees through training, set strict security protocols which require employees to verify customer credentials before changing a number to a new device, and to authenticate calls from third party retailers asking for customer information.

Stoltmann Law Offices, P.C. is a Chicago-based securities and investor-protection law firm offering representation to defrauded investors nationwide on a contingency fee basis. We have been prosecuting claims against cellular phone providers like T-Mobile, AT&T, and Verizon on behalf of victims of SIM-Swap attacks for the past few years now. We are also actively pursuing claims against Coinbase for its role in failing to secure their customer accounts in violation of the terms of their user agreement.

Recently, there has been a flood of SIM Swap attacks against T-Mobile customers. Although it is speculation, this summer, T-Mobile announced that its customer database had been compromised, leading to the unauthorized access to customer account information effecting over 40 million subscribers.  That attack, as time has gone by, has been revealed to have been far worse than originally reported.  T-Mobile updated its customers a few months ago, and suggested that the attack compromised critical security information about its customer accounts, including phone numbers, customer names and addresses, dates of birth, IMEIs and IMSIs.  T-Mobile said in a statement that it had no indication that hackers were able to access financial information such as credit card or debit card data.  By way of background, an IMSI is the unique “International Mobile Subscriber Identity” number which identifies every cellular network user. It is a unique 15-digit number assigned to every user and is part of your SIM profile. SIM is another acronym for “Subscriber Identity Module.” The IMSI identifies where you use your phone and which mobile network (i.e., T-Mobile) you access.  This is critical intelligence for anyone seeking to pull off a SIM Swap.

Although the hackers didn’t apparently gain access to sensitive financial data of customers, they did get a picnic basket of information that was surely sold to other hackers. If a hacker has your phone number, name/address, and IMSI, getting a SIM swap done is pretty simple unfortunately. These hackers identify people known to have crypto-currency accounts and then engineer hacks of their SIM so that they can gain access to a target’s Coinbase account and transfer the funds to another wallet on the blockchain and move on to the next victim. Because of the anonymous nature of crypto-currency transactions on the blockchain, the transactions are virtually untraceable and cannot be reversed.  This massive attack on T-Mobile, which compromised millions of customer accounts, is likely leading to a surge in SIM Swap-Crypto theft attacks. These massive data breaches by cellular providers are not  a new phenomenon and occur far too often. The good news for victims is, cellular providers like T-Mobile, AT&T, and Verizon can be held liable for a SIM Swap attack that leads to the loss of crypto currency or other financial accounts.

CNBC
FOX Business
The Wall Street Journal
Bloomberg
CBS
FOX News Channel
USA Today
abc NEWS
DATELINE
npr
Contact Information