Important Fraud Warning: Scammers are impersonating Levin Law, P.A. and our attorneys, falsely offering cryptocurrency recovery in exchange for upfront payments. Levin Law, P.A. will never ask for payment for cryptocurrency recovery.

Coinbase Recovery Attorney

Fighting for Coinbase Account Hacking Victims Nationwide

Hackers have again targeted one of the world’s largest cryptocurrency exchanges, Coinbase Global, Inc. (COIN). The platform has acknowledged multiple data breaches that have affected both customers and employees. In some cases, the security failures have cost customers tens of thousands of dollars. Coinbase is currently facing litigation regarding these data breaches.

You can take legal action against Coinbase if your account was hacked. While Coinbase’s User Agreement often requires disputes to be resolved through binding arbitration rather than a traditional courtroom trial, you can still pursue a recovery claim. These claims typically include negligence in failing to prevent unauthorized access, violations of the Electronic Fund Transfer Act (EFTA), and failure to provide adequate security for sensitive customer data.

The national securities and cryptocurrency law firm, Levin Law, P.A., is investigating claims related to Coinbase account hacking. Aggrieved customers are strongly encouraged to contact Levin Law, P.A.’s founder and managing attorney Brian Levin at (305) 402-9050 to schedule a free case evaluation. 

What Is Coinbase?

Coinbase Global, Inc. (“Coinbase”) is a cryptocurrency exchange platform where customers can buy, sell, transfer, or store their cryptocurrency. The company was founded in 2012 and has grown to be one of the largest cryptocurrency exchanges in the world.

According to the platform’s website, it has over 4,700 employees worldwide and operates in over 100 countries. Additionally, Coinbase notes that there are $295 billion in quarterly volume traded and $516 billion in assets on the platform.

Previous Coinbase Hacks

Coinbase has reportedly been hacked multiple times. Despite multiple security failures over the past few years, the crypto exchange platform continues to tout its safety and security features. Previous hacks include:

  • March and May 2021: A letter provided by the California Office of the Attorney General and reported on by Reuters notes that in March and May of 2021, at least 6,000 Coinbase customers had their accounts compromised. The letter explained that funds were removed from customer accounts by a third party who obtained unauthorized access. In addition to removing funds from customer accounts, hackers were able to access confidential information such as dates of birth, email addresses, IP addresses, transaction history, and more.
  • May 2022: As noted by CoinDesk, A customer of the San Francisco-based company reportedly lost $96,000 through a SIM-Card hack. The customer is reportedly suing Coinbase for violating the Electronic Fund Transfer Act and the California Uniform Commercial Code. 
  • February 2023: Coinbase employees were reportedly targeted in an SMS phishing campaign. According to TechCrunch, the cybersecurity attack was likely perpetrated by well-known hackers “0ktapus.” 0ktapus allegedly targeted over 130 organizations in 2022. The unauthorized access allowed the hackers to view internal information, including employee contact data. 
  • December 2024: A security incident involving "insider wrongdoing" began that went undetected for months. Hackers used stolen employee credentials to access customer account data, leading to a wave of unauthorized withdrawals.
  • May 2025: Coinbase disclosed a massive data breach affecting nearly 70,000 customers. The incident involved rogue overseas support contractors who were allegedly bribed to exfiltrate sensitive data, including government ID images and bank account identifiers. This breach reportedly led to hundreds of millions in subsequent phishing losses.

In some cases, Coinbase has refused to refund any of the money removed from customer accounts as a result of hacking. The crypto exchange is facing litigation by aggrieved customers.

How Coinbase Accounts Get Hacked

As of 2026, cybercriminals have streamlined their methods for infiltrating digital wallets, often combining "old school" social engineering with modern data breaches.

SIM-Swap Attacks and Two-Factor Authentication Failures

In a SIM-swap attack, a hacker convinces your mobile carrier to transfer your phone number to a device they control. Once they own your number, they can bypass SMS-based two-factor authentication (2FA) to reset your Coinbase password and drain your assets in minutes.

Phishing, SMS Attacks, and Employee Data Breaches

Many hacks stem from "insider" vulnerabilities. In 2024 and 2025, major incidents involved hackers bribing or tricking overseas support staff to gain access to internal Coinbase customer tools. This allows attackers to see your personal details, which they then use to launch highly convincing "spoof" phone calls or SMS phishing messages that look exactly like official Coinbase communications.

Unauthorized Withdrawals and Account Lockouts

Users often report witnessing "ghost" transactions where funds are withdrawn to unfamiliar wallets while the user is simultaneously locked out of their own account. These incidents often occur because Coinbase’s automated systems fail to flag suspicious, large-volume transfers that deviate from a customer's typical behavior.

What Laws May Apply to Coinbase Hacking Claims?

Pursuing a claim requires a deep understanding of both traditional financial law and evolving digital asset regulations. We look to several key legal frameworks:

  • Electronic Fund Transfer Act (EFTA): This federal law protects consumers against unauthorized electronic transfers. If Coinbase is considered a "financial institution" under the Act, they may be required to reimburse unauthorized losses.
  • State Consumer Protection Statutes: Many states, like California and Florida, have robust laws that penalize companies for "unfair or deceptive" security representations.
  • Negligence: We argue that Coinbase failed to implement reasonable security measures, such as "withdrawal allow-listing" or mandatory hardware-key 2FA, that could have prevented the theft.
  • Failure to Safeguard Customer Data: When rogue employees or poor internal controls lead to a data breach, victims may have claims for the exposure of their PII (Personally Identifiable Information).
  • Securities Law Violations: When applicable, we investigate if the platform's handling of certain "staked" assets or unregistered securities contributed to the loss of investor protections.

Coinbase Compliance-Related Failures

As of January 2026, recent Coinbase fines include €21.5 million from Ireland's Central Bank for failing to monitor over €176 billion in transactions. The UK added £3.5 million for letting high-risk customers slip through onboarding. Coinbase's total fines now top $181 million.

As reported by FinTech Futures, Coinbase was ordered to pay a $50 million penalty by New York State’s Department of Financial Services for “significant” compliance failures. The regulatory agency found that a number of Coinbase’s internal systems were inadequate, making the crypto exchange vulnerable to “serious criminal conduct.” Coinbase was ordered to pay an additional $50 million into its compliance systems.

In January 2023, the company was fined $3.6 million by the Dutch central bank (DNB) for failing to register its services to customers in the Netherlands, according to Markets Insider. The fine came after Coinbase had failed to comply with the bank’s regulations or pay any supervisory fees. 

The New Jersey Office of the Attorney General and the Division of Consumer Affairs issued a cease and desist order against Coinbase on June 6, 2023, for violation of Securities law. In addition, it assessed a $5 million penalty. The statement indicated that the penalty was imposed as a result of the crypto exchange platform engaging in the sale of unregistered securities. 

Pursuing Legal Action Against Coinbase

While the cryptoeconomy is still in its infancy, exchanges must still comply with many state and federal securities laws. Failure to comply with these laws can result in civil penalties and cause preventable harm to consumers. 

In many cases, compliance-related failures are at the root of data breaches and other security-related attacks. Therefore, if you were the victim of a Coinbase hacking incident, you might be able to take legal action.

It is imperative to discuss your case with a cryptocurrency lawsuit attorney who can help you understand your rights. A lawyer may be able to pursue a legal claim on your behalf in order to help recover your losses.

Nationwide Representation for Crypto Victims

Levin Law, P.A. provides nationwide representation. Because most Coinbase disputes are handled through arbitration (such as the American Arbitration Association), we can represent you regardless of which state you live in. We have the technical resources to trace stolen assets on the blockchain and the legal experience to take on multi-billion dollar corporations.

At Levin Law, P.A., we have recovered over $150 million for victims of cryptocurrency hacks.

Contact Levin Law Today for a Free Case Evaluation

If you sustained losses due to your Coinbase account being hacked, contact Levin Law, P.A. at (305) 402-9050 to schedule a free case evaluation. Levin Law, P.A.’s founder and managing attorney, Brian Levin has helped to recover millions of dollars on behalf of defrauded investors. He is experienced in handling complex litigation nationwide.

Coinbase customers and employees are encouraged to contact our office. Most cases are handled on a contingency fee basis, meaning that you do not pay Levin Law, P.A.'s attorney fees unless money is recovered on your behalf. 

Coinbase Hacking FAQs

Can Coinbase be held liable for hacked accounts? 

Yes. If the hack was made possible by Coinbase’s internal security failures, data breaches, or negligence in responding to suspicious activity, they can be held liable through arbitration.

Does Coinbase have to refund stolen cryptocurrency? 

While Coinbase’s policy often states they are not liable for user-side errors, they have been forced to reimburse customers in cases where the breach was caused by a flaw in Coinbase’s own systems (as seen in the 2021 2FA exploit).

What if my Coinbase account was hacked through a SIM swap? 

In SIM swap cases, you may have a claim against both Coinbase (for failing to flag the suspicious withdrawal) and your mobile carrier (for allowing the unauthorized SIM transfer).

Can I sue Coinbase even if they blamed the user? 

Yes. Coinbase frequently blames "phishing" or "user negligence" to avoid responsibility. However, many "phishing" attacks are only successful because Coinbase’s own data was leaked first, giving the hackers the information needed to trick the user.

How long do I have to file a claim against Coinbase? 

Statutes of limitations vary by state but are generally between two and four years. However, the Coinbase User Agreement may have shorter "notice" periods for reporting errors, so you must act immediately.

What evidence do I need for a Coinbase hacking lawsuit? 

You should preserve all SMS messages from Coinbase, emails, transaction IDs (TXIDs), and any "account locked" notifications. A forensic blockchain report tracing your funds is also vital evidence we help provide.

Get in Touch
Complete the form below to get started with your free consultation today!

"The law firm of Levin Law helped me recover money from a hacker attack. Both Kaki and Brian were pleasant to work with and they explained what was happening every step of the way."

 Iris C.

"Levin Law is absolutely AMAZING! They took on my case when no other firm would. They guided me every step of the way and fortunately got me a great outcome. They truly care about their clients."

 Alex H.

"The staff personnel were very professional, courteous and very helpful in explaining various documents to be signed. I was kept informed of the progress of my case in a timely manner."

 Sam D.

Practice Areas

Menu
close

Get the financial security and compensation you deserve. Contact Levin Law today.

Miami Office
2665 South Bayshore Dr, PH2B
Miami, Florida 33133
(855) 980-0231
Bloomfield Hills Office
41000 Woodward Ave, Ste 350
Bloomfield Hills, MI 48304
(248) 270-7338
Oakland Office
344 20th Street
Oakland, CA 94612
(248) 270-7338
Washington, D.C. Office
14 Ridge Square NW, Suite 300
Washington, D.C. 20016
(248) 270-7338
The information on this website is for general information purposes only. Nothing on this site should be taken as advice for any individual case or situation. This information is not intended to create, and receipt or viewing does not constitute client relationship.
uploadcrossmenuchevron-uparrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram