Coinbase was sentenced to a $100 million fine on January 9, 2023, for breaching its anti-money-laundering (AML) and know-your-customer (KYC) obligations. This fine is composed of a $50 million fine to the New York State Department of Financial Services (NYDFS) and another $50 million it will have to spend on upgrading its existing systems to comply with the current AML standards.
This is one of the more significant fines levied against a cryptocurrency exchange for AML failings. It’s just ahead of Bittrex’s fine of $53 million a few months earlier in October, and we expect a substantially bigger penalty for BitZlato, whose founder Anatoly Legkodymov was arrested in Miami earlier this month. Fortunately for Coinbase, there are no accusations that they covered up any severe crimes, hence the relatively small fine.
In comparison, we should remember that HSBC Holdings was fined $1.9 billion for AML breaches back in 2012. They received a much larger fine because it was shown that they were actively allowing organized criminals to launder money through their branches. With Coinbase, there has been no such accusation.
In September 2021, Coinbase disclosed that there had been a data breach in their systems that resulted in 6,000 customers losing their funds. The hackers used an attack called “SIM swapping” to take advantage of Coinbase’s “feature” that allowed users to change their passwords by sending them an SMS message. They ignored the fact that hackers can easily steal your mobile number for a short period to intercept this password reset message and then run off with your crypto.
Not only did Coinbase disclose this hack month after it initially happened, but there are also reports that the hacking continued well into December 2021. Thousands of users are still organizing legal cases against Coinbase. Their argument lies in the fact that the exchange had a responsibility to protect users’ funds and that it seriously failed at this. Users should be entitled to a full refund in this case, but it all comes down to how the judge rules. The fact that users have filed tens of thousands of complaints with the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) does not make them look good here.
To make this worse, there were many reports of Coinbase’s customer service being slow and rude. In addition, refusing to help after users had detected their accounts had been hacked. In some cases, the withdrawals had not yet been processed, and Coinbase could have easily suspended these.
Still, they put their customers on hold for hours or days while they sat helplessly and watched their hard-earned crypto disappear into hackers’ wallets. A message to one customer read: “There is no credible or supportable evidence that the compromise of your login credentials was the fault of Coinbase. As a result, Coinbase is unable to reimburse you for your alleged losses.”
In recent months, Coinbase users have been victim to phishing attempts where users received urgent-looking emails purportedly from Coinbase support. This email urged them to log in to fix a problem at a link that went to a website run by the phishers. If you’ve read our previous guides, you’ll know that this approach has a few red flags that make it look suspicious. Not least the fact that Coinbase support staff appear to care about your account and are trying to be helpful.
Coinbase attempted to offer an interest-bearing product back in 2021 called “Coinbase Lend.” Much in the same way that Gemini and Genesis have been sued by the US Securities and Exchange Commission (SEC) for their “Gemini Earn” program, Coinbase was sued over a year ago for attempting to offer the same program.
Gemini and Genesis offered loans to a third party and then sold shares in this loan to its users. The main issue is that under US securities law, when you break an asset into interest-bearing shares and split them up, and sell them to people, you’ve created what is called a “security.” You need to register this program with the SEC and gain their approval before going ahead.
Fortunately, this lawsuit didn’t result in any fines for Coinbase. However, Gemini and Genesis have shown us that complying with regulations isn’t a choice; it’s the law.
We sincerely hope that your cryptocurrency investment experience has been positive so far. We also hope that you haven’t had the misfortune of losing your funds on Coinbase, FTX, Celsius, BlockFi, or any other number of exchanges or scams. If you’re getting itchy feet, we have a guide for withdrawing and custody of your own cryptocurrency. Also, check out our guides on identifying scams and phishing emails going around these holidays.
The post Coinbase Fined $100 million – What Happened Here and Why? appeared first on Global Fraud Protection.