The Office of the New York State Attorney General (OAG) released a report on the integrity of cryptocurrency exchanges on September 18. However, a professional League of Legends player, Team Liquid's Yiliang "Doublelift" Peng, had already offered the perfect example of the dangers of relying on these exchanges a few days prior. How? By having roughly $200,000 stolen by someone who gained access to his Coinbase account--and therefore his bank account--after compromising the T-Mobile phone number he used for two-factor authentication.
Doublelift recounted the story on September 14 but said it actually happened several weeks ago. According to the gamer, his phone had been acting strange before the attack, but after contacting T-Mobile, he thought it was just the result of a weird glitch. Now, he believes someone was conducting a port-out scam to gain access to his phone number. Once that happened, the attacker could bypass the two-factor authentication to access his Coinbase account. From there, the hacker emptied Doublelift's virtual wallet--and his actual one, too, because his bank account was connected to Coinbase.
Doublelift expects his finances to be restored after his bank determines that it was fraud and that he didn't, in fact, overdraft on Coinbase transactions. But apparently Coinbase has no intention of reimbursing him for the stolen cryptocurrency (he didn't say how much of the $200,000 was in cryptocurrency and how much was in USD).
"Coinbase says, 'You're sh** out of luck, dude. You can't get any of it back ... it's irreversible," Doublelift said.
We've reached out to Coinbase to learn more about its policies regarding theft and will update this piece if it responds.
Interestingly, this is exactly what the OAG warned about in its report.
"Customers of virtual asset trading platforms face significant risks. In recent years, hackers have infiltrated trading platforms and stolen billions of dollars' worth of virtual currency, leaving customers with little or no recourse. Delays and outages on trading platforms are common, leaving customers unable to withdraw funds and susceptible to significant losses given volatile prices. Public reports have also linked certain trading platforms to deceptive and predatory practices, market manipulation and insider abuses ...," the report says.
"Protections for customer funds are often limited or illusory. Generally accepted methods for auditing virtual assets do not exist, and trading platforms lack a consistent and transparent approach to independently auditing the virtual currency purportedly in their possession; several do not claim to do any independent auditing of their virtual currency holdings at all. That makes it difficult or impossible to confirm whether platforms are responsibly holding their customers' virtual assets as claimed. Customers are highly exposed in the event of a hack or unauthorized withdrawal."
The report was published as a result of the OAG's Virtual Markets Integrity Initiative, which was announced in April and based on information provided voluntarily by nine cryptocurrency exchanges, including Coinbase. Much of the report confirms what many who have followed cryptocurrency for any length of time already knew: that it's hard to judge an exchange based on the limited information available to their customers, that there are few protections against market manipulation and that security has to be taken on faith.
Those warnings are likely to fall on deaf ears when they reach cryptocurrency enthusiasts. The potential upside of getting in early on the next Bitcoin or Ethereum--which basically ruined the graphics card market for several months until prices finally started to drop--is too high. The OAG's hope is to convince people who only became interested in cryptocurrency after Ethereum's rise was so well-publicized, the creation of new cryptocurrencies became commonplace and exchanges started hawking their services to anyone looking to dabble with the new money.
A few cryptocurrency exchange CEO's going to jail even just overnight will send the message "Hey, this is not the wild frontier anymore, you have to have some consumer protection methods!"
Frankly, it's against the ethos of crypto in the first place: you should not be centralizing it, such that you cannot retain full and impregnable control of your wallet on your own.
I will admit that's hard though with exchange limits being what they are in a day.
How about a simple law that gets rid of the cancer of cryptocurrencies and all the pyramid schemes and criminal activities related to it?
Someone is stupid enough to go into it, let them suffer when they lose money.
Edit- I can tell some hurt feelings by the downvotes, doesn't change the facts. In its current form, crypto was never good. It was only a good way to make money off of others (and cause huge amounts of extra electricity to be wasted), not a good replacement for normal currency. Period. I wonder how far we could have gotten if all that crypto mining was instead poured into folding. That at least would have benefited science, rather than using electricity and speculation to take money from others (just like stocks).
"From there, the hacker emptied Doublelift's virtual wallet--and his actual one, too, because his bank account was connected to Coinbase."
I'm guessing the hacker simply bought as much crypto as he could using the connected bank account to drain it, and then transferred everything out.