Victims of the $55 million Dai phishing scam in 2024 are suing Coinbase in federal court, alleging the exchange refused to return the funds despite freezing the assets.
An anonymous crypto whale based in Puerto Rico filed a lawsuit against Coinbase in federal court in San Francisco this week, alleging that the largest exchange in the U.S. refused to return stolen assets despite identifying and freezing them since late 2024. The lawsuit highlights a pressing legal question in the crypto industry: to what extent is a centralized exchange responsible when stolen assets find their way to its system?
The information in the lawsuit shares many similarities with a large-scale phishing attack that occurred in August 2024, first detected by on-chain investigator ZachXBT . In that case, a user lost over $55 million in Dai stablecoins after falling victim to a fake login page impersonating DeFi Saver, the cryptocurrency asset management tool the victim was using, created by the Inferno Drainer platform.
The key factor preventing the victim from realizing the spoofing was that the website's domain name ended in ".app" instead of ".com". The hackers immediately transferred the Dai through multiple wallets and began laundering the money through coin mixing services.
Coinbase confirms freezing assets but refuses to return them.
Following the attack, the plaintiff stated that they hired several on-chain investigative firms to trace the funds. Investigators eventually located the assets in a Coinbase account, and by early December 2024, the exchange confirmed that it had identified the assets and would freeze them pending investigation.
However, after more than a year and a half, the plaintiff claims to have still not received the assets back, and Coinbase has reportedly stated that it will not return them without a court order. Coinbase has not issued an official response prior to the publication of this article.
Coinbase's stance of freezing assets but awaiting a court order before returning them reflects the legal dilemma frequently faced by centralized exchanges. On one hand, returning assets without a court order could leave the exchange legally liable to the current account holder. On the other hand, refusing to return assets when it has been clearly determined that they were stolen raises questions about the obligation to protect users.
The outcome of this lawsuit could set an important precedent, forcing centralized exchanges to clarify their policies for handling stolen assets, a legal gap that has Dai in the industry since large-scale hacks became commonplace.
