Jared Ferguson says Coinbase's security procedures failed to flag the fraudulent transactions, but the exchange argues that he bears responsibility for what happened.
Listen to the CoinMarketRecap podcast on Apple Podcasts, Spotify and Google Podcasts
A man is suing Coinbase after $96,000 was stolen from his account — but the exchange is insisting that the loss isn't its responsibility.
In court documents filed in California, Jared Ferguson maintains he was a victim of identity theft, and has gotten nowhere after raising his case with the exchange.
Ferguson argues that Coinbase is legally obliged to credit his account in full for the funds, but is yet to do so.
It's alleged that he first opened an account with the exchange back in 2017 and had mainly accessed his account through an iPhone.
But in May 2022, he received a text that claimed a SIM card change had been requested. Ferguson said he ended up calling T-Mobile from a friend's phone for technical support, and was told that the change was needed. He then picked up a new SIM card from a store. The court filing adds:
"That same day, after restoring service to his iPhone, plaintiff checked his Coinbase account and discovered that thieves had transferred approximately $96,000 from his Coinbase wallet, 90% of his life savings."
Ferguson speedily contacted Coinbase's customer service team about the theft, and says he provided an array of supporting documentation to bolster his case. However, he claims that the crypto company then told him this:
"Customers ... are responsible for any activity that occurs when those devices or passwords are compromised … Please note you are solely responsible for the security of your email, your passwords, your 2FA codes, and your devices."
All of this is a sobering reminder that crypto investors need to take security seriously — and in any case, storing Bitcoin in an exchange account isn't always the best idea. Self-custody, ideally in an environment that isn't connected to the internet, is often a much safer bet.
The lawsuit argues that Ferguson is entitled to treble damages — meaning he is seeking a payout of at least $288,000.
And the plaintiff claims that Coinbase's security procedure "fails to flag and hold obviously fraudulent and unauthorized transactions" — despite the fact that they were entirely out of character with how he's used his account in the past, from a new IP address and device, and immediately after his account's password had been changed. The filing adds:
"Any commercially reasonable policy would have assessed this combination of troubling factors, flagged the transactions as suspect, and held or rejected the transactions as likely to be fraudulent."
Ferguson is also demanding that he's paid interest on the crypto he lost, and that his legal fees are covered.
Coinbase has responded to the lawsuit by maintaining that it has a "world-class security team" in place to protect accounts belonging to customers — and that a range of measures have been enforced to shield funds from malicious actors.
But it added that customers are encouraged to take additional steps to keep their accounts secure — especially when it comes to "information outside of Coinbase."