League of Legends Pro, NYS Attorney General Highlight Cryptocurrency Risks

(Image credit: 360b/Shutterstock)

The Office of the New York State Attorney General (OAG) released a report on the integrity of cryptocurrency exchanges on September 18. However, a professional League of Legends player, Team Liquid's Yiliang "Doublelift" Peng, had already offered the perfect example of the dangers of relying on these exchanges a few days prior. How? By having roughly $200,000 stolen by someone who gained access to his Coinbase account--and therefore his bank account--after compromising the T-Mobile phone number he used for two-factor authentication.

Doublelift recounted the story on September 14 but said it actually happened several weeks ago. According to the gamer, his phone had been acting strange before the attack, but after contacting T-Mobile, he thought it was just the result of a weird glitch. Now, he believes someone was conducting a port-out scam to gain access to his phone number. Once that happened, the attacker could bypass the two-factor authentication to access his Coinbase account. From there, the hacker emptied Doublelift's virtual wallet--and his actual one, too, because his bank account was connected to Coinbase.

Doublelift expects his finances to be restored after his bank determines that it was fraud and that he didn't, in fact, overdraft on Coinbase transactions. But apparently Coinbase has no intention of reimbursing him for the stolen cryptocurrency (he didn't say how much of the $200,000 was in cryptocurrency and how much was in USD).

"Coinbase says, 'You're sh** out of luck, dude. You can't get any of it back ... it's irreversible," Doublelift said.

We've reached out to Coinbase to learn more about its policies regarding theft and will update this piece if it responds.

Interestingly, this is exactly what the OAG warned about in its report.

"Customers of virtual asset trading platforms face significant risks. In recent years, hackers have infiltrated trading platforms and stolen billions of dollars' worth of virtual currency, leaving customers with little or no recourse. Delays and outages on trading platforms are common, leaving customers unable to withdraw funds and susceptible to significant losses given volatile prices. Public reports have also linked certain trading platforms to deceptive and predatory practices, market manipulation and insider abuses ...," the report says.

"Protections for customer funds are often limited or illusory. Generally accepted methods for auditing virtual assets do not exist, and trading platforms lack a consistent and transparent approach to independently auditing the virtual currency purportedly in their possession; several do not claim to do any independent auditing of their virtual currency holdings at all. That makes it difficult or impossible to confirm whether platforms are responsibly holding their customers' virtual assets as claimed. Customers are highly exposed in the event of a hack or unauthorized withdrawal."

The report was published as a result of the OAG's Virtual Markets Integrity Initiative, which was announced in April and based on information provided voluntarily by nine cryptocurrency exchanges, including Coinbase. Much of the report confirms what many who have followed cryptocurrency for any length of time already knew: that it's hard to judge an exchange based on the limited information available to their customers, that there are few protections against market manipulation and that security has to be taken on faith.

Those warnings are likely to fall on deaf ears when they reach cryptocurrency enthusiasts. The potential upside of getting in early on the next Bitcoin or Ethereum--which basically ruined the graphics card market for several months until prices finally started to drop--is too high. The OAG's hope is to convince people who only became interested in cryptocurrency after Ethereum's rise was so well-publicized, the creation of new cryptocurrencies became commonplace and exchanges started hawking their services to anyone looking to dabble with the new money.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • TJ Hooker
    The hack mentioned sounds like a result of SMS 2FA that was compromised. Don't use SMS 2FA if you have an alternative option! (e.g. authenticator app)
    Reply
  • Christopher1
    There is a simple solution to this: Laws that mandate that these cryptocurrency exchanges have to have ways to return fraudulently taken monies to people.
    A few cryptocurrency exchange CEO's going to jail even just overnight will send the message "Hey, this is not the wild frontier anymore, you have to have some consumer protection methods!"
    Reply
  • WINTERLORD
    so my next motherboard will have one of these for realtime raytracing kinda makes me wonder now what amd will offer in the future
    Reply
  • canadianvice
    @Christopher1: Sounds great. The problem is how this works. It was secure to any acceptable level. But they just need that code and it's done.

    Frankly, it's against the ethos of crypto in the first place: you should not be centralizing it, such that you cannot retain full and impregnable control of your wallet on your own.

    I will admit that's hard though with exchange limits being what they are in a day.
    Reply
  • Zaporro
    21333627 said:
    There is a simple solution to this: Laws that mandate that these cryptocurrency exchanges have to have ways to return fraudulently taken monies to people.
    A few cryptocurrency exchange CEO's going to jail even just overnight will send the message "Hey, this is not the wild frontier anymore, you have to have some consumer protection methods!"

    How about a simple law that gets rid of the cancer of cryptocurrencies and all the pyramid schemes and criminal activities related to it?


    Someone is stupid enough to go into it, let them suffer when they lose money.
    Reply
  • robax91
    Sucks to hear, I'm a fan of DL. Anyways though, people should have run away from crypto long ago. It's not the "money of the future" it's a way for people with tons of money to game the system (same as stocks, other risky investments) and a way for illegal payments to get made with tons of anonymity. Unless it gets regulated and protections put in place (as well as accountability), crypto is just a huge risk not worth taking.

    Edit- I can tell some hurt feelings by the downvotes, doesn't change the facts. In its current form, crypto was never good. It was only a good way to make money off of others (and cause huge amounts of extra electricity to be wasted), not a good replacement for normal currency. Period. I wonder how far we could have gotten if all that crypto mining was instead poured into folding. That at least would have benefited science, rather than using electricity and speculation to take money from others (just like stocks).
    Reply
  • hdmark
    or... dont keep money on a crypto exchange ?
    Reply
  • TJ Hooker
    21335749 said:
    or... dont keep money on a crypto exchange ?
    It wasn't just the money he kept on the exchange:

    "From there, the hacker emptied Doublelift's virtual wallet--and his actual one, too, because his bank account was connected to Coinbase."

    I'm guessing the hacker simply bought as much crypto as he could using the connected bank account to drain it, and then transferred everything out.
    Reply