Activity tagged "law"

Posted:

A Coinbase data breach filing with the Maine Attorney General finally gives us some more detail than Coinbase’s vague “less than 1% of monthly transacting users”. 69,461 people were affected, and Coinbase says the data breach occurred on December 26, 2024.

Data Breach Notifications
Entity Information
Type of Organization: Financial Services
Entity Name: Coinbase, Inc.
Street Address: 248 3rd Street #434
City: Oakland
State, or Country if outside the US: CA
Zip Code: 94607
Submitted By
Name: Michael Rubin
Title: Attorney
Firm name (if different than entity): Latham and Watkins LLP
Telephone Number: (415) 395-8154
Email Address: michael.rubin@lw.com
Relationship to entity whose information was compromised: Outside Counsel
Breach Information
Total number of persons affected (including residents): 69461
Total number of Maine residents affected: Approximately 217
If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified:
Date(s) Breach Occurred: December 26, 2024
Date Breach Discovered: May 11, 2025
Description of the Breach:
Insider wrongdoing
Information Acquired - Name or other personal identifier in combination with:
Notification and Protection Services
Type of Notification: Written
Date(s) of consumer notification: May 30, 2025
Copy of notice to affected Maine residents: Appendix_A_-_Coinbase_Template_Individual_Notification_Letter.pdf
Date of any previous (within 12 months) breach notifications: 07/16/2024
Were identity theft protection services offered: Yes
If yes, please provide the duration, the provider of the service and a brief description of the service: We are offering all impacted individuals one year of free credit monitoring and identity protection services provided by IDX. The services include credit monitoring, a $1,000,000 insurance reimbursement policy and identity restoration, and dark web monitoring to identify if any information is made available through illegal online forums.

It took them almost five months between the incident and the incident disclosure, although the company has since admitted it knew customer support agents were suspiciously accessing customer data as far back as January.

Security researchers who have spent months trying to call Coinbase’s attention to serious issues at the company are disputing Coinbase’s claims about the timing of the breach. “Threat actors had ongoing access via multiple insiders over a prolonged period of time.”

Oh good apparently now the Coinbase breach happened on Dec 26, 2024.

LOL

So since Coinbase won't be straight with you, I will. 

Threat actors had ongoing access via multiple insiders over a prolonged period of time. (Screenshot of Maine AG notification)
As evidence, here's a very small cutout of one high value customer's Coinbase account.

This wasn't pulled on Dec 26, 2024 honey.

(Screenshot showing dates between 2025-02-07 and 2025-02-10)

The SEC requires material cybersecurity incidents be disclosed within four business days; state laws often have a 30-day disclosure deadline. It’s not clear if customers outside the US were affected; if so, other disclosure laws may apply.

Posted:

Adam Levitin on the GENIUS Act:

[I]n regard to cash deposits, the stablecoin investors will have priority over the claims of ma-and-pa for their bank deposits (and thus over the FDIC's subrogation claim when it pays ma-and-pa).

Yes, you read that correctly: Congress is about to put the claims of stablecoin investors ahead of ma and pa's bank deposits. That's just stunning. Now ma-and-pa's deposits are FDIC insured, so they'll be alright, but it means the FDIC's Deposit Insurance Fund is footing the bill. In other words, the GENIUS Act is subsidizing stablecoin issuance on the back of bank deposits. By subordinating the FDIC's subrogation claim in a bank insolvency to the claims of stablecoin investors, the GENIUS Act is effectively letting FDIC insurance leak out to cover uninsured stablecoins, without any insurance premiums paid.
Whatever else one might think about stablecoins or the GENIUS Act, its insolvency provisions are an absolute mess, both conceptually and in drafting. If the GENIUS Act becomes the law, we're in for a FUBAR situation when a stablecoin issuer ends up insolvent. Even more concerning, if a bank custodian for a stablecoin issuer's reserves ends up insolvent, the claims of the stablecoin investors will come ahead of the bank depositors. That's right. Crypto comes ahead of ma-and-pa.  The effect: stablecoins are being subsidized by bank deposits. Now that's GENIUS.
Posted:

In April, Coinbase announced changes to its user agreement that added two clauses further limiting class action lawsuits and requiring lawsuits to be filed in New York. The changes apply to disputes initiated after May 15.

On May 14, Coinbase disclosed a data breach.

Coinbase logo  4/12/2025

Update to the Coinbase User Agreement

We are emailing you about an important upcoming update to the Coinbase User Agreement. This update will revise our Arbitration Agreement with you. We made these updates to streamline the process for resolving disputes.

You can read the entire agreement here. The revised terms are in sections 9.9, 9.10 and Appendix 6.

These terms apply only to disputes that you or we initiate after May 15, 2025. The current terms will continue to apply until May 15.

Please make sure you read the updated User Agreement.

Thank you for being part of the crypto economy!

Team Coinbase
9.9. Class, Collective, Representative, and Mass Action Waiver and Jury Trial Waiver. You and Coinbase agree that, except as specified in the Batch Arbitration Provision set forth above, each of us may bring claims against the other only on an individual basis and not on a class, representative, or collective basis or as part of a mass action (such as a mass arbitration), and the parties hereby waive all rights to bring or to participate in such actions in arbitration or in court to the maximum extent permitted by applicable law. This provision does not prevent you or Coinbase from participating in a class-wide settlement of claims. YOU AND WE AGREE TO WAIVE OUR RIGHTS TO A JURY TRIAL. To the extent that any Dispute proceeds in court, and to the maximum extent permitted by applicable law, you and we agree to waive any right to a jury trial and have such matter resolved by a judge (also known as a bench trial).

9.10 Forum Selection. Unless you and Coinbase agree otherwise, to the maximum extent permitted by applicable law, the state and federal courts in New York, New York (except for small claims courts, in which case you and we agree to resolve our Disputes in a small claims court of competent jurisdiction) will have exclusive jurisdiction over any Dispute that is not subject to arbitration or over any action involving the applicability or enforceability of the Dispute Resolution section 7 or any portion of the Dispute Resolution section (including the Arbitration Agreement, Appendix 5). You and Coinbase consent to the exclusive jurisdiction of these courts and waive any objections as to: (1) personal jurisdiction or (2) the laying of venue in such courts because of inconvenient forum or any other basis or right to seek to transfer or change venue of any such action to another court.

Five lawsuits have been filed against Coinbase in response to the breach since then: all class action, none before May 15, two outside of New York.

Posted:

Alex Mashinsky has been sentenced to twelve years in prison for his Celsius fraud, which culminated in the mid-2022 collapse of his US-based cryptocurrency lending firm with customers suffering losses of more than half a billion dollars.

Posted:

Prosecutors have requested Alex Mashinsky, CEO of the collapsed Celsius cryptocurrency company, be sentenced to at least twenty years in prison for his "sustained, calculated campaign of deceit carried out over years, targeting ordinary people."

Prosecutors say that such a severe sentence is necessary not only for deterrence, but because despite his guilty plea, Mashinsky has not fully accepted responsibility for his actions.

Sentencing guidelines recommend a 30-year sentence, and that only because of the statutory cap resulting from his guilty plea agreement; otherwise the recommendation would be life. Mashinsky has argued he should be sentenced to no more than a year in prison. Sentencing will happen on May 8.

Posted:

Quote from man sued: "What are you gonna do, sue me?"

Kevin O'Leary has sued crypto personality Ben Armstrong (aka "BitBoy Crypto") for repeatedly claiming O'Leary murdered two people.

27. On March 19, 2025, Armstrong unleashed another tweet accusing O’Leary of committing “actual crimes”: “Doesn’t everybody think it’s weird that I’ve been publicly calling … @kevinolearytv [a] murderer[] and yet not a single word or legal action? It’s almost like they ‘can’t’ because a lawsuit would open up their actual crimes and they know it.”

(O'Leary and his wife were indeed involved in a boating collision that killed two people in 2019; O'Leary states in the lawsuit that it was his wife driving the boat, and she was acquitted of any charges.)

BitBoy also suggested that O'Leary was trying to have him killed, and claimed O'Leary had swatted him. Shortly after, he posted O'Leary's cell phone number and encouraged his followers to "call a real life murderer".

Armstrong launched his defamatory campaign on March 17, 2025. On that day, he posted the following: “You guys think I’m kidding about all this stuff and all these claims. There is a reason my life is actually in danger. Kevin O’Leary has already verifiably murdered one couple in Toronto.” Over 30,000 people viewed this tweet.

Tweet screenshot:
The BitBoy
@BenArmstrongsX
You guys think I'm kidding about all this stuff and all these claims.
There is a reason my life is actually in danger.
Kevin O'Leary has already verifiably murdered one couple in Toronto. You don't think Mr One-To-2-Inch would try to kill the old BitBoy?
He SWATTED me once
Tweet screenshot:
The BitBoy
@BenArmstrongsX
Hey @kevinolearytv, what the fuck are you going to do with me?
You can't sue me. You can't stop me. You can't shut me up.
I'm a rabid dog with my teeth sunk deep into your leg.
Your usual tricks don't work.
Going to be hard to put the rabid dog down with everyone watching.

Amusingly, BitBoy once tried to file a defamation lawsuit of his own against a YouTuber who called him a "shady dirtbag". He dropped the suit almost immediately after the YouTuber raised over $200,000 for his defense, and Armstrong admitted he didn't know lawsuits were public.

It's not clear that BitBoy even knows he's been sued yet; he was arrested two days ago after sending threatening emails to the judge in a different defamation case he's facing from his former business partners after he publicly accused them of various crimes.

Read:
EFF and a coalition of privacy defenders have filed a lawsuit today asking a federal court to block Elon Musk's Department of Government Efficiency (DOGE) from accessing the private information of millions of Americans that is stored by the Office of Personnel Management (OPM), and to delete any data that has been collected or removed from databases thus far.
Posted:

taking psychic damage reading the lawsuit by Justin Sun’s Bit Global against Coinbase

COINBASE’S NONEXISTENT LISTING “STANDARDS” 62. While Coinbase claims to have made the decision to delist wBTC to adhere to the company’s “listing standards,” the truth is that Coinbase has virtually no standards for what can be listed at all. Around the same time that it was delisting wBTC, Coinbase has onboarded various “memecoins” which unlike wBTC have no inherent value other than demand created by their memetic potential as jokes. The decision to allow users to trade these memecoins makes clear that Coinbase did not delist wBTC because of any listing standard, but because Coinbase coveted wBTC’s market share and wanted it for itself. 63. On November 13, 2024, Coinbase announced that it was listing a memecoin called PEPE, named after a controversial picture of a cartoon frog which has been identified as a hate symbol and/or a “racist frog.” The coin is promoted to “Dank Meme Enjoyoors” with an official website that purports to perform an “Autism Test” on their computers to ensure that the user’s autism is over 9,000 before proceeding.17

i have to respect the argument that “memecoins... unlike wBTC have no inherent value other than demand created by their memetic potential as jokes”. your honor, wBTC’s lack of inherent value is for a different reason entirely