Legal Action Filed Against Coinbase Over Withheld Assets Linked to $55M Digital Currency Heist
According to the legal complaint, Coinbase has frozen identifiable funds connected to a 2024 DAI phishing scam but declined to release them absent judicial authorization.
Digital asset platform Coinbase has become the target of legal proceedings in California's federal court system concerning frozen cryptocurrency that is purportedly connected to a $55 million DAI phishing scam that occurred in August 2024.
The legal filing, submitted on Monday to a federal court in San Francisco, contends that following the laundering of stolen proceeds via the cryptocurrency mixing service Tornado Cash, the perpetrator transferred a portion of the "traceable stolen funds" into a retail user account at Coinbase, where the assets currently remain in a frozen state.
The individual bringing the lawsuit, who is based in Puerto Rico, is requesting that the court officially recognize him as the legitimate owner of the frozen cryptocurrency and compel Coinbase to release the assets back to him. The legal action also identifies an unnamed John Doe defendant who is accused of executing the theft.
The legal proceedings raise important questions regarding the obligations of cryptocurrency trading platforms when dealing with stolen assets that have been traceably transferred to their systems following a security breach. The filing asserts that Coinbase has "acknowledged" its possession of these traced assets and has "indicated that a court order adjudicating ownership is required before it will release the frozen assets."
This matter underscores a significant challenge in the recovery of stolen cryptocurrency, where exchanges may place holds on funds suspected of being stolen after being notified, yet typically demand judicial authorization prior to releasing such assets to any individual making a claim.
The legal action arrives nearly two years following an incident in which an attacker successfully stole $55 million in Dai stablecoins via a complex phishing scheme that tricked the victim into activating a malicious link directing them to a counterfeit DeFi Saver login page, which granted the attacker the ability to access his account and digital wallets.
Cointelegraph has contacted Coinbase seeking additional information regarding the stolen cryptocurrency and the process for victim restitution.
Malicious crypto wallet draining tool facilitated the $55 million security breach
The $55 million security breach was executed utilizing the harmful Inferno Drainer platform, a service that provides scam-as-a-service malicious software for bad actors looking to enable digital asset theft without requiring the exploitation of code-level vulnerabilities in protocols.
Beyond alerting law enforcement authorities, the victim employed the services of cryptocurrency analytics firms Zero Shadow and Five Stones intelligence to track the stolen digital assets. These firms discovered evidence connecting the money laundering activities involving the stolen funds to a Ukrainian national named Okelsiy Oleksandrovych Gorelikhin.
On Nov. 30, 2024, Zero Shadow informed Coinbase that stolen cryptocurrency connected to the theft had been transferred into a Coinbase address, requesting that the exchange perform appropriate due diligence and place a freeze on the assets.
On Dec. 2, 2024, Coinbase acknowledged that the address is associated with a Coinbase retail user account and confirmed that it had put in place "friction measures" that prevent the movement of those funds while an investigation is conducted.
The legal document contended that the stolen digital currency being held in the Coinbase account represented "identifiable property traceable to Plaintiff's stolen assets" and noted that the plaintiff had previously requested the return of the assets.
The year 2024 marked a significant surge for scam-as-a-service platforms, with the utilization of Inferno Drainer increasing threefold during the first six months of the year, climbing from approximately 800 malicious decentralized applications that were created at the beginning of the year to more than 2,400 by the year's conclusion, based on data from blockchain security company Blockaid.