Coinbase is facing a new class-action lawsuit, alleging that it intentionally provided poor security to users in order to sell a $29.99-a-month membership that would provide better protection — resulting in regular users’ accounts becoming easy targets for hackers.
Lead plaintiffs Aramik Tarvirdi and Steve Mintz represent Coinbase users in a 10-page lawsuit filed in Los Angeles County District Court on Friday. They are seeking compensation for those who lost money allegedly thanks to the crypto exchange’s own vulnerabilities.
The couple is also seeking a jury trial to determine whether Coinbase violated California’s Unfair Competition Act and a court order barring it from advertising or selling Coinbase One — a $360-a-year subscription that would provide updated security and reimburse users up to $1 million in case of hacking.
In the lawsuit, Tarvirdi and Mintz state that Coinbase intentionally left vulnerabilities in its security systems for “ease of use” and to increase sales of Coinbase One. The subscription model — still in beta — is currently only available to a select few, but it’s unclear what criteria are required to be invited into the program.
“The design and nature of this business scheme exploits and deceives consumers in two ways,” the lawsuit alleges. “First, Coinbase provides the appearance of account security through a program that does not appear to be working. Second, Coinbase was encouraged to leave security holes open to force customers into a subscription program that costs $29.99 per month to increase account security and protection.”
The lawsuit goes on to explain how Coinbase waives the ‘industry standard’ cold wallet and initiates a ‘cooling off period’ for transfers to new addresses, which in turn provides easier access for hackers.
“Consumers are then left at the mercy of hackers and other nefarious parties exploiting these vulnerabilities to drain victims’ accounts in an instant. Common attacks include: sim-swap attacks, spoofing two-factor authentication, man-in-the-middle attacks, cookie theft, and session hijacking,” (our emphasis).
The lead plaintiffs and users represented in the lawsuit allege that “all of these attacks had at least one element in common, a new address was added to a Coinbase account and funds or assets were transferred to the new address.”
According to them, Coinbase is more than aware of the vulnerability through its own subscription program terms — if additional layers of security are available, it suggests that deny their regular customers to save money.
Read more: Bad day for Coinbase: Trailer bust, SEC probe, Cathie Wood dump
Coinbase Lawsuit Named Judge
According to Coinbase, its beta subscription product offers $0 trading fees, 24/7 dedicated customer support, account protection up to $1 million, pre-filled tax forms (Form 8949) and premium stake rewards.
He says only a “limited” audience in the US has access to Coinbase One. Those who qualify are notified by email, but users can log in and try their luck.
In the event of a hack, Coinbase One subscribers will not be entitled to any compensation “if you engage in unreasonable, abusive or dishonest behavior in your communications with Coinbase.” This includes contacting Coinbase employees “outside of official customer support channels.”
“The eligibility, determination of the amount of any recoverable losses, and any interpretation of these Coinbase Account Protection Guarantee Terms shall be determined by Coinbase in its sole discretion.”
What’s more, if you “bring any action, suit or claim” against the company, its employees or “affiliates,” you won’t get a penny. At press time, no court hearings have been scheduled. However, Judge Stuart M. Rice was assigned to the case. He was appointed by former Governor Arnold Schwarzenegger in 2005.
For more information, follow us Twitter and Google news or listen to our investigative podcast Innovated: Blockchain City.