KEY POINTS

  • Nearly 100 Coinbase users collectively lost $21 million due to a crypto scam
  • These users are now blaming Coinbase for negligence
  • All of these victims used a new cryptocurrency product called the Coinbase Wallet

Nearly 100 Coinbase users have brought a new arbitration demand against Coinbase, a publicly traded company known for its cryptocurrency exchange platform, faulting it for negligence after customers collectively lost $21 million to a crypto scam.

These Coinbase users who filed an arbitration demand against the company were defrauded through liquidity mining pool scams. This kind of scam tricks investors into placing their cryptocurrencies into what they advertise as "true collective investment opportunities."

The malicious actors use the so-called smart contracts, which rain victims' accounts by executing a code that automates transactions between unsuspecting users. Like the pig butchering scam, it also encourages investors to make more investments before the funds are stolen.

"This case is about a glaring security flaw in the Coinbase Wallet (the 'Coinbase Wallet' or the 'Wallet'), a non-custodial electronic wallet that Coinbase portrays as a safe, secure mechanism for users to store digital assets, like Bitcoin, Ethereum, and USDT (hereinafter, 'crypto')," the arbitration demand read. "In fact, due to a compromised user interface that effectively lulls Wallet users into a false sense of security, the Wallet allows scammers to hijack customers' Wallets and withdraw all of their crypto assets without authorization."

The arbitration demand also underlined Coinbase's inaction despite its knowledge of the issue. It stated: "Making matters worse, Coinbase had been repeatedly told about this security flaw for months, beginning in the early fall of 2021, but took no remedial steps to fix the security flaw or even warn customers about this major problem, despite warning customers about other security risks. Because of this, hundreds of Wallet users, many of whom stored their entire life savings (and more) in their Wallet, had their crypto stolen by thieves."

"This action will hold Coinbase accountable for this horrific security flaw that has devastated the lives of hundreds of people, all victims of this easily preventable scam," it further noted. "When these scams first started in the fall of 2021, customers immediately warned Coinbase's customer service about the security flaws in the Wallet," the document revealed.

"Customers even created YouTube videos about the Coinbase liquidity mining pool scams. And in its SEC filings, Coinbase confirmed that wallet security was a paramount concern and that malicious smart contracts posed a stark security threat. Nonetheless, Coinbase refused to take measures to warn its customers about the scams, respond to the ongoing threat, take down or block the scam apps that customers were warning Coinbase about, change the design or user interface of its Wallet to fix the problem, or reimburse customers for their losses," it stated.

All of these victims who collectively lost $21 million used a new cryptocurrency product called the Coinbase Wallet, which according to Coinbase spokesperson Lisa Johnson, "gives the users the freedom and control to interact directly with the world of crypto without any intermediation by Coinbase."

But, contrasting the conventional Coinbase-hosted wallets where the company serves as a bank to hold the assets securely, the product they used enables individuals to keep their own private keys, which opens the gate to a wide spectrum of modern digital transactions.

Unlike other crypto cases, this one is different in the sense that it prompts users to allow fraudulent transactions by "clicking on these innocuous-looking vouchers would record a single line of computer code granting the scammers permission to steal crypto deposited into an account, weeks or months later," according to The Washington Post.

For the complainants, Coinbase 's terms of use never forewarned them of the risk and only assured users that their accounts would be compromised if they shared their secret passcode. "The scams succeed because Coinbase designed a flawed user interface that completely failed to warn its customers that the malicious smart contracts have the ability to access and withdraw (without the users' consent) unlimited amounts of users' crypto from their Wallets, both at the time the contract was entered into and in the future," the arbitration demand read.

In response to the allegation, the company's spokesperson said: "Coinbase is committed to protecting its customers from scams, fraud, and other crimes and has invested significant resources in protecting users against liquidity mining scams."

"A customer's activities on Coinbase Wallet, including managing the wallet's private security keys and access to the wallet's contents, are exclusively controlled by the customer, not Coinbase," the spokesperson added, noting, "that is why Coinbase provides customers with multiple product offerings, so they can choose the products that are best for them."

People watch as the logo for Coinbase Global Inc, the biggest U.S. cryptocurrency exchange, is displayed on the Nasdaq MarketSite jumbotron at Times Square in New York, U.S., April 14, 2021.
People watch as the logo for Coinbase Global Inc, the biggest U.S. cryptocurrency exchange, is displayed on the Nasdaq MarketSite jumbotron at Times Square in New York, U.S., April 14, 2021. Reuters / Shannon Stapleton