- Investor sues ‘unethical’ crypto firm Coinbase over lax security measures
- Jared Ferguson says the company should have done more to stop fraudsters stealing his savings
- Ferguson has been targeted by an increasingly common ‘SIM card swapping’ scam
An investor who lost $96,000 after being the target of a cruel ‘sim swap’ scam is suing the cryptocurrency company where his money was stored.
Jared Ferguson said the loss amounted to around ‘90%’ of his savings as he hit out at ‘immoral’ and ‘unethical’ company Coinbase.
Ferguson alleges that the crypto exchange’s security measures are too lax because the scammers were able to authorize the high-digit transaction on his account.
He is seeking damages totaling at least triple what he lost, according to the lawsuit filed Monday in U.S. District Court for the Northern District of California.
Ferguson, from New York, received a notification from his mobile carrier T-Mobile saying he had requested a new SIM card.
He contacted the company to warn him that he had not authorized the request, in which case the representatives told him that he would have to replace his SIM card.
After that, he restored his iPhone to find that thieves had stolen $96,000 from his Coinbase wallet.
The sophisticated scam sees criminals posing as their victim, telling their mobile operator that they have lost their SIM card and need a new one urgently.
The new card then gives them access to the victim’s calls and texts, allowing them to bypass two-factor authentication protections for banking apps.
And by the time the mobile operator has alerted the victim that a new SIM card has been ordered in their name, the scammers have had enough time to gain full access to their financial accounts.
After contacting Coinbase, Ferguson was informed that he was “solely responsible” for the security of his access codes and devices.
But in his complaint, he accuses Coinbase’s security measures of being so weak that they are not “commercially reasonable”.
He also criticized the company as “immoral, unethical, oppressive, unscrupulous, impermissible, substantially harmful to the general public and offensive to public policy”.
This comes as cases of SIM swapping scams are skyrocketing around the world.
In 2021, several well-known American musicians, sports stars and influencers were targeted by hackers who compromised their SIM cards.
Their identities remained anonymous, but lawmakers noted that many of them were famous.
Eight British men have been arrested for the series of crimes.
And in 2019, 21-year-old Boston resident Joel Ortiz was jailed for targeting 13 victims in a SIM swapping scam.
This was believed to be the first-ever arrest and conviction in the United States for this crime.
Coinbase was founded by so-called “king of crypto” Brian Armstrong.
Its offices were previously in San Francisco, but staff are now working permanently from home.
On his Twitter bio, Armstrong says he’s “creating more economic freedom in the world.”
The latest lawsuit comes as Coinbase is already under pressure from the Better Business Bureau for providing poor customer service to hack victims.
Its legal policy states that it “does not cover losses resulting from unauthorized access to your personal Coinbase or Coinbase Pro accounts.”
And the company is also suffering from the beleaguered reputation of the cryptocurrency industry, which came to a head in November 2021 when FTX boss Sam Bankman-Fried was arrested for allegedly siphoning billions from customer funds.
Bankman-Fried is accused of using the money to back his hedge fund Alameda Research, buy lavish properties in the Bahamas and make huge political donations.
How does SIM swapping work?
A SIM card swap scam – also known as a SIM card hack – occurs when crooks take advantage of a weakness in your digital security involving your phone.
Many people use a two-factor authentication and verification step to protect their online accounts that requires a text message (SMS) or a call to your mobile number to confirm a transaction.
Fraudsters who want to access your account may try to do so by stealing your number, which is attached to your SIM (subscriber identity module) card.
To do this, they collect as much personal information about you as they can get and engage in “social engineering”.
Then, pretending to be you, they call your mobile operator claiming to have lost or damaged their (your) SIM card. They then ask customer service to activate a new SIM card in their possession, or they may claim to want to switch to another device.
After taking control of your phone number, fraudsters can access your communications with banks and other organizations, especially your text messages.
This means that they will receive any codes or password resets sent to this phone for your accounts.
From there, they can do a lot of damage like copying contacts, hacking social media profiles and transferring your money to other bank accounts.