An Indiana resident is flabbergasted that he will receive no compensation from Coinbase for crypto funds lost through an account takeover following a SIM swap attack.
The victim in question, Dan Tiberi, received an unpleasant shock at the start of the holiday season. He found himself thousands of dollars out of pocket following a SIM-swap attack that saw his Coinbase credentials compromised and his mobile operator changed.
He received an unsolicited text message confirming a password change that he did not request. Upon further investigation, Tiberi discovered he could not make an outgoing call from his T-mobile device. It was at this point that Tiberi suspected foul play.
The attacker stole more than $7,300 worth of ETH from Tiberi’s Coinbase account. Luckily, Tiberi’s bank blocked the transaction, but Coinbase then dug into his other crypto holdings of bitcoin, Litecoin, and Chainlink to cover the costs of the extra ETH. Tiberi was not amused. “Once a transaction has started, they can’t stop it, and they are able to collect funds for that transaction that was completed by the hacker. To me, that’s absolutely ridiculous,” he said.
Coinbase refusing to reimburse losses
Coinbase has defended itself, only acknowledging that an “attacker” performed the ETH withdrawal. The insurance that covers customers’ crypto holdings only reimburses lost crypto if the loss was deemed to result from a cybersecurity breach of the exchange’s system. In the case of Tiberi, a stolen password was the cause of his loss and he will receive no compensation from Coinbase.
According to the Federal Communications Commission (FCC), scammers can switch a mobile number operator with enough personal information. Such information can include a user’s name, address, birth date, PINs, or passwords. Malicious actors sometimes obtain this information from the dark web or from leaked private data.
Room for improvement
Coinbase has not had an excellent record with customer service. CNBC reported in August 2021 that over 11,000 complaints had been filed with the Federal Trade Commission, the Consumer Financial Protection Bureau, and the Better Business Bureau. A former customer service employee revealed that Coinbase had been looking to remove live customer chat, but that was during his tenure from 2014 to 2016.
When asked for a statement about customer service, a spokesperson claimed that less than 0.01% of customer accounts had been subject to takeovers, as they were in Mr. Tiberi’s case. Coinbase has said that it’s looking to launch phone support to deal with account takeovers by the end of the year.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.