Cryptocurrency exchange Coinbase was sued in California federal court over frozen crypto allegedly tied to a $55 million DAI phishing theft from August 2024.
The complaint, filed Monday in a San Francisco federal court, alleges that after laundering the proceeds through crypto mixer Tornado Cash, the attacker deposited part of the “traceable stolen funds” into a Coinbase retail user account, where the funds remain frozen.
The Puerto Rico-based plaintiff is asking the court to declare him the rightful owner of the frozen assets and order Coinbase to return them. The lawsuit also names an unknown John Doe defendant accused of carrying out the theft.
The lawsuit questions the responsibility of cryptocurrency exchanges in handling stolen funds that were traceably sent to these platforms after an exploit. The complaint claims that Coinbase has “acknowledged” that it holds these traced funds and has “indicated that a court order adjudicating ownership is required before it will release the frozen assets.”
The case highlights a problem in crypto theft recovery where exchanges may freeze suspected stolen funds after receiving alerts, but often require a court order before releasing assets to a claimant.
The lawsuit comes nearly two years after an exploiter stole $55 million in Dai stablecoins through a sophisticated phishing attack. The attack deceived the victim into clicking a malicious link to a fraudulent DeFi Saver login, which authorized the attacker to access his account and wallets.
Cointelegraph has reached out to Coinbase for more details surrounding the stolen funds and the path towards user recovery.
Coinbase sued for funds linked to the $55 million DeFi Saver hack. Source: CourtListener
Crypto wallet drainer was used to facilitate $55 million exploit
The $55 million exploit was carried out using the malicious Inferno Drainer platform, which offers scam-as-a-service malware to malicious actors seeking to steal digital assets without needing to exploit code-level protocol vulnerabilities.
In addition to notifying law enforcement, the victim contracted crypto analytics platforms Zero Shadow and Five Stones Intelligence to trace the stolen crypto. The companies found evidence linking the laundering of the funds to Ukrainian citizen Okelsiy Oleksandrovych Gorelikhin.
On Nov. 30, 2024, Zero Shadow notified Coinbase that stolen funds linked to the theft had been deposited into a Coinbase address, asking the exchange to conduct due diligence and freeze the assets.
On Dec. 2, 2024, Coinbase confirmed that the address belongs to a Coinbase retail user and that it implemented “friction measures” preventing dissipation of those funds pending investigation.
The court filing argued that the stolen cryptocurrency held in the Coinbase account was “identifiable property traceable to Plaintiff’s stolen assets” and added that the defendant had previously demanded the return of the assets.
The year 2024 was a breakout year for scam-as-a-service tools, with usage of Inferno Drainer tripling in the first half of the year, rising from roughly 800 malicious decentralized applications created at the start of the year to over 2,400 by the end of it, according to blockchain security firm Blockaid.
