Cryptocurrency exchange Coinbase, launched in 2012, is considered to be one of the largest exchanges operating in the United States — and the most trusted. However, an alleged wrongdoing back in December 2017, caused a long court procedure, the outcome of which is still vague and uncertain.
It’s all fun and games until a hard fork
On March 1, 2018, an Arizona citizen and trader named Jeffrey Berk filed a lawsuit in the Northern District Court of California on behalf of exchange users who found themselves in a similar situation, accusing Coinbase of sharing misleading information and — most importantly — insider trading, both of which allegedly resulted in mass losses of funds.
It started when the Bitcoin community was about to split the chain. At the end of July 2017, right before the hard fork, Coinbase declared that it would not support the new coin — i.e., Bitcoin Cash (BCH) — since it was hard to predict for how long it would survive and what its market value would be in the future.
A hard fork is an update to a blockchain performed in order to improve it, get rid of bugs that could have popped up, or to add new features. Eventually, the chain splits in two, and a new cryptocurrency appears. This is what happened to Bitcoin, the first and the largest cryptocurrency that was introduced in 2008 “as a response to the financial crisis.” And so, in mid-2017, Bitcoin Cash was born.
Communication is key
Coinbase made several confusing statements about adding Bitcoin Cash to its platform, which eventually led the company to court. Following the declared policy toward the hard fork, Coinbase advised its users to withdraw their Bitcoin from the exchange before the split if they wanted to trade BCH because withdrawals would not be possible after the hard fork. However, in August, the exchange announced that users would be allowed to withdraw their BCH, but not earlier than Jan. 1 of the next year.
The reason for this was that, “in order to safely and securely access bitcoin cash, Coinbase would need to undertake a process of designing and testing significant changes to our systems — including hot and cold storage,” according to a now-delete tweet from Coinbase that was quoted in the lawsuit. At that time, the platform still did not intend to support the new coin, as the court document stated, “Coinbase had announced its intention that customers benefit to the extent possible from hard forks.”
Yet, soon after the hard fork, Coinbase’s director of communications, David Farmer, wrote in a blog post that Coinbase would eventually add BCH, as it had considered customer demand, the network’s security and other factors — but again, not until Jan. 1, 2018. Nonetheless, Coinbase changed the schedule and decided to add the currency on Dec. 19, but the exchange failed to give its customers any advanced notice, while employees were informed that the currency would be added to the exchange earlier than planned, according to the lawsuit.
A trap for traders
Coinbase unexpectedly opened its books for buying and selling Bitcoin Cash just minutes after announcing it. According to the lawsuit, Coinbase is not denying that certain people were tipped off in advance. This means that the situation, which came suddenly for everybody else, was especially beneficial for the insiders.
The lucky traders obtained BCH for fair prices and thus thinned the liquidity, leading to rapid artificial inflation. After a short period of time, within which insiders were able to sell their funds, the exchange stopped all BCH trading, leaving all the other customers with nothing but confusion. The next day, Coinbase repeated the same sequence of actions.
According to the lawsuit, the plaintiff (i.e., Berk) attempted to purchase BCH five minutes after the announcement, but his orders were not executed until about 20 hours later. The next day, Berk found out that his order was finally executed and that he had purchased BCH at the inflated price of $4,200.98 per BCH, which was 100% more than the price at which he placed his buy order.
Negligence rather than fraud and unfair competition
The mishandling of Bitcoin Cash’s launch became one of the reasons for the token’s more than 130% rise in price — from $1,865 on Dec. 18, it jumped to $4,300 by Feb. 20. On Dec. 20, the 24-hour transaction volume spiked up to $12,047,600,000, as seen in the chart below. To date, this record has yet to be broken.
In a blog post, CEO of Coinbase Brian Armstrong stressed that “all Coinbase employees and contractors were explicitly prohibited from trading Bitcoin Cash” and also that the disclosure of nonpublic information was not allowed. However, seeing the price fluctuation, Armstrong claimed that an internal investigation would be carried out. “If we find evidence of any employee or contractor violating our policies — directly or indirectly — I will not hesitate to terminate the employee immediately and take appropriate legal action,” Armstrong wrote in the same blog post. To date, neither Armstrong nor Coinbase has disclosed the results of the investigation.
As Cointelegraph has described, the actions of Coinbase have not yet been determined to be fraudulent. U.S. District Court Judge Vince Chhabria concluded:
“The complaint does not sufficiently explain how the launch manipulated the market for Bitcoin Cash or for Bitcoin. Nor does it plausibly or coherently describe Coinbase and Armstrong’s motive to manipulate the prices.”
The judge granted the defendants’ motion to dismiss the claim of fraud as well as the claimed violation of California’s Unfair Competition Law, which means that the case will now move forward as a negligence lawsuit.
We are in the midst of discovery
On Aug. 9, the court published a stipulation postponing the deadline for Coinbase to answer to the complaint. In an email to Cointelegraph, Lynda Grant, who represents the plaintiff in the case, explained:
“Defendants are now required to make a filing responding to the allegations of the complaint that was filed last year. They need to respond to those allegations by admitting, denying or indicating that they do not have sufficient information to respond to them. They are also required to assert certain affirmative defenses that they may have to the claims. We are very early in the case, and expect many more hearings and orders.”
With regard to the potential outcome, Grant emphasized that the plaintiff is currently continuing to fight the case but that the outcome is not clear-cut:
“It is too early to know what the outcome of a trial would be. We are currently in the midst of discovery and have pleaded enough even at this point to have sufficiently pled a negligence claim. In a trial of the action, a court or a jury could find negligence on Coinbases’ behalf, and we believe that it will, but it is too early in the case to make a prediction. We believe that the victims, or class members here should eventually receive compensation for their damages.”
Better times are yet to come?
To sum up the judge’s latest statement: Coinbase was incompetent, but it was not maliciously incompetent. Keeping this in mind, class members could still expect the exchange to compensate for their damages, although the trial has not happened yet.
The exchange failed to maintain a functional marketplace and thus financially injured its customers, which makes Coinbase blameworthy in the eyes of many. Liquidity and market capitalization needed for effective trading might have been ensured if Coinbase announced the BCH launch an hour in advance. Neglecting such precautions, the exchange should have expected serious consequences. As for the platform’s future, Grant believes that Coinbase “should institute greater protections in the event of a fork and to ensure that its public statements are accurate.”
Coinbase Security Breach: 3,420 Names, Passwords, And Email Addresses Exposed
It’s been recently reported that Coinbase Custody bought Xapo’s institutional business and this move made the entity the largest custodian in the whole world.
Now, Coinbase is in the news again and this time it’s far from being something positive.
Coinbase exposed user data
The crypto exchange revealed that it accidentally exposed the passwords of 3,420 customers due to a security glitch that took place.
The exchange claims that some of the customers’ registration details have been temporarily stored in plain text files on the internal server of the platform.
“Under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail. Unfortunately, it also meant that the individual’s name, email address, and proposed password (and state of residence, if in the US) would be sent to our internal logs,” according to official notes.
On the other hand, the exchange doesn’t think that bad actors found the files. Still, they decided that it’s worth taking precautionary measures just in case anyone accessed the data.
“After we identified and fixed the bug, we traced back all the places where these logs might have ended up. Access to all of these systems is tightly restricted and audited. A thorough review of access to these logging systems did not reveal any unauthorized access to this data,” according to reports from the Daily Hodl who cites official data.
Coinbase also said that they triggered a password reset for all affected users.
Binance was recently hacked
This issue with Coinbase comes right after Binance was hacked and user data was leaked online.
Binance’s KYC data was hacked, and the info has been uploaded into a Telegram Group that’s called “Find Your Binance KYC.”
Barclays Ends Agreement with Coinbase
Barclays, London-based global bank, announced that it has ended its banking ties with US-based cryptocurrency exchange, Coinbase.
The report has it that Coinbase has already found a banking replacement in UK upstart, ClearBank. According to experts, the change in bank will indirectly bother the platform users.
All parties involved (Barclays, ClearBank, and Coinbase) have refused to comment on the ongoing divorce bill.
Why is the banking relationship ending?
The exact reason for Barclay and Coinbase ending their banking relationship remains unknown. Some sources have speculated that the reasons for this break-up might be linked to Barclays getting cold feet about Coinbase crypto clients.
Other sources pointed out that Barclays got uncomfortable with Coinbase’s request to add more cryptocurrencies on its platform for trading. While a crypto expert simply described the Coinbase-Barclays relationship as a pilot relationship that has simply run its course.
It should also be duly noted that Coinbase obtained a bank account with Barclays in early 2018. The collaboration was welcomed by many because crypto-firms can have a tough time getting banking partners. The exchange was also granted an e-money license by the UK Financial Conduct Authority (FCA) and was the first crypto-firm to gain access to FPS.
Barclays and Circle
Coinbase was not the only crypto company to successfully ramp Barclays onboard. In 2016, when the bank was perhaps more enthusiastic about the technology, Barclays said it was working with Circle Internet Financial.
“We can confirm that Barclays Corporate Banking has been chosen as a financial partner by Circle, and we support the exploration of positive uses of blockchain that can benefit consumers and society,” Barclays said.
Barclays and Circle (which has since shifted its focus from retail payments to crypto trading) declined to comment on the status of their relationship.
Last week, Coinbase has announced its support for ALGO token on its Coinbase Pro platform. The token will be available for trading on Coinbase Pro from the 14th of August 2019.
Coinbase Says Security Failure Exposed 3,420 Names, Passwords and Email Addresses
The leading US crypto exchange Coinbase says it accidentally exposed the passwords of 3,420 customers due to a security glitch.
According to the exchange, some of its customers’ registration details were temporarily stored in plain text files on its internal server.
“Under a very specific and rare error condition, the registration form on our signup page wouldn’t load correctly, which meant that any attempt to create a new Coinbase account under those conditions would fail. Unfortunately, it also meant that the individual’s name, email address, and proposed password (and state of residence, if in the US) would be sent to our internal logs.”
Coinbase doesn’t think anyone found the files, but they’re taking precautionary measures in case anyone accessed the data.
“After we identified and fixed the bug, we traced back all the places where these logs might have ended up. We have an internal logging system hosted in AWS, as well as a small number of log analysis service providers. Access to all of these systems is tightly restricted and audited. A thorough review of access to these logging systems did not reveal any unauthorized access to this data.
Additionally, we triggered a password reset for impacted customers, even though a password alone is not sufficient to access a Coinbase account — our device verification emails and mandatory 2FA mechanisms would both have been triggered and blocked any unauthorized login attempts.”
The discovery comes after a potentially major breach on the crypto exchange Binance. The photos of more than 60,000 individual users who sent KYC information to the company have allegedly leaked. The photos were taken between 2018 and 2019.
In addition, a friendly white hat hacker also hacked into Binance Jersey’s Twitter account on Friday. Binance says it will offer a reward to the hacker for exposing a security loophole.
“On August 16, 2019 at 15:00 UTC, a white hat hacker was able to gain access to the @BinanceJE (Binance Jersey) Twitter account by social engineering the email domain name service provider used by Binance Jersey.
The white hat hacker posted a few tweets from the Twitter handle @BinanceJE, then deleted them. The white hat hacker was cooperative and open in his communications with our security team, and we were able to restore the domain name within a few minutes and the Twitter handle a couple of hours later. We will issue a security bug bounty to the white hat hacker, as well as investigate the incident further with our service provider. All funds on Binance.JE are safe. No data was compromised.”