The Office of the New York State Attorney General (OAG) released a report on the integrity of cryptocurrency exchanges on September 18. However, a professional League of Legends player, Team Liquid's Yiliang "Doublelift" Peng, had already offered the perfect example of the dangers of relying on these exchanges a few days prior. How? By having roughly $200,000 stolen by someone who gained access to his Coinbase account--and therefore his bank account--after compromising the T-Mobile phone number he used for two-factor authentication.
Doublelift recounted the story on September 14 but said it actually happened several weeks ago. According to the gamer, his phone had been acting strange before the attack, but after contacting T-Mobile, he thought it was just the result of a weird glitch. Now, he believes someone was conducting a port-out scam to gain access to his phone number. Once that happened, the attacker could bypass the two-factor authentication to access his Coinbase account. From there, the hacker emptied Doublelift's virtual wallet--and his actual one, too, because his bank account was connected to Coinbase.
Doublelift expects his finances to be restored after his bank determines that it was fraud and that he didn't, in fact, overdraft on Coinbase transactions. But apparently Coinbase has no intention of reimbursing him for the stolen cryptocurrency (he didn't say how much of the $200,000 was in cryptocurrency and how much was in USD).
"Coinbase says, 'You're sh** out of luck, dude. You can't get any of it back ... it's irreversible,'" Doublelift said.
We've reached out to Coinbase to learn more about its policies regarding theft and will update this piece if it responds.
Interestingly, this is exactly what the OAG warned about in its report.
"Customers of virtual asset trading platforms face significant risks. In recent years, hackers have infiltrated trading platforms and stolen billions of dollars' worth of virtual currency, leaving customers with little or no recourse. Delays and outages on trading platforms are common, leaving customers unable to withdraw funds and susceptible to significant losses given volatile prices. Public reports have also linked certain trading platforms to deceptive and predatory practices, market manipulation and insider abuses ...," the report says.
"Protections for customer funds are often limited or illusory. Generally accepted methods for auditing virtual assets do not exist, and trading platforms lack a consistent and transparent approach to independently auditing the virtual currency purportedly in their possession; several do not claim to do any independent auditing of their virtual currency holdings at all. That makes it difficult or impossible to confirm whether platforms are responsibly holding their customers' virtual assets as claimed. Customers are highly exposed in the event of a hack or unauthorized withdrawal."
The report was published as a result of the OAG's Virtual Markets Integrity Initiative, which was announced in April and based on information provided voluntarily by nine cryptocurrency exchanges, including Coinbase. Much of the report confirms what many who have followed cryptocurrency for any length of time already knew: that it's hard to judge an exchange based on the limited information available to its customers, that there are few protections against market manipulation and that security has to be taken on faith.
Those warnings are likely to fall on deaf ears when they reach cryptocurrency enthusiasts. The potential upside of getting in early on the next Bitcoin or Ethereum--which basically ruined the graphics card market for several months until prices finally started to drop--is too high. The OAG's hope is to convince people who only became interested in cryptocurrency after Ethereum's rise was so well-publicized, the creation of new cryptocurrencies became commonplace and exchanges started hawking their services to anyone looking to dabble with the new money.