Image of crypto exchange apps
Coinbase has been sued after a claimed customer hack.
  • A Coinbase user is suing the exchange to recover 90% of his life savings that he says was stolen from him, lawsuit claims.
  • The user said Coinbase won't reimburse him and it sees the breach as his problem.
  • But the exchange ignored several red flags for fraud, he alleges in his claim for triple damages.

A Coinbase customer said he lost $96,000 in a phone hack — and now he's suing the US's largest cryptocurrency exchange after being told the breach was his problem.

In his lawsuit filed Monday, New York resident Jared Ferguson said 90% of his life savings were wiped out on the platform in a security breach via his phone.

The hackers drained the crypto from Coinbase's platform within eight hours of tricking his mobile service provider into handing over control of his phone number, according to the filing.

But the exchange has said it won't reimburse Ferguson and said in an email that customers are responsible for any activity that occurs when devices or passwords are compromised, according to the suit.

"Coinbase's email disclaimed any responsibility for the hacking of its customers' accounts," the filing read.

"Please note you are solely responsible for the security of your e-mail, your passwords, your 2FA codes, and your devices," the exchange said, according to the filing.

Ferguson said his carrier told him in May it had received a SIM card change request, which he hadn't made. He discovered the Coinbase theft the next day when he restored service to his iPhone.

Scammers using SIM swap fraud take advantage of 2-factor authentication (2FA), where banks and other service providers send a text message to their customer's phone to confirm activity on an account. They get a carrier to activate a SIM card on a new device for the customer's number, which lets them go through all the checks successfully.

In his complaint, Ferguson said he immediately contacted the exchange to report the hacking, but alleges its procedures fall down by failing to be alert to obviously fraudulent and unauthorized transactions.

The exchange ignored several red flags for fraud during the theft, he said, such as the use of a new device and password reset, and that it didn't use the facial recognition he had put in place.

"Coinbase's willful blindness to the many badges of fraud present here constituted bad faith acceptance of the unauthorized payment orders," the lawsuit said.

It's not the first time Coinbase has seen complaints from customers who lost money on their accounts in a SIM swap scam. One Indiana man lost $7,200 from their account in 2021 but failed to get his money back, CBS reported, noting it had been reporting on similar Coinbase hacks for months.

"Our world-class security team takes extensive security measures to ensure our customer accounts remain safe. Coinbase also encourages customers to take measures to secure their personal accounts and information outside of Coinbase," the company said in a statement to Insider. 

Ferguson is seeking a full refund plus interest, statutory and punitive damages, including triple damages. 

This story was updated at 11:27 a.m. ET on March 8 to include a comment from Coinbase.

Read the original article on Business Insider