As the technology sector booms with new forms of currency, consumer vulnerabilities skyrocket alongside it. Cybercrime, like the 2025 Coinbase data breach, is a booming industry that cost consumers over $16 billion in 2024 alone. When your information is stolen, and cybercriminals fraudulently cost you, you may feel there’s no hope of recovering your losses. However, the Electronic Fund Transfer Act can help you hold the business that leaked your personally identifiable information accountable. If you were a victim of the Coinbase data breach and social engineering attack, contact our firm immediately for help recovering what you are owed.
Coinbase
Coinbase is a cryptocurrency business that allows customers to trade digital currencies for other assets. With over 100 million users, it is the largest U.S.-based cryptocurrency exchange. In May 2025, the company announced overseas contract employees were collecting and selling personal information to cybercriminals. Concerns mounted when it was revealed that a major data breach started in December 2024, linked directly to Coinbase data and lasting almost 6 months before the company’s May 2025 announcement. Coinbase received a $20 million ransom demand from the unnamed perpetrator(s) to cover up the breach. The company declined to pay the ransom, instead posting a $20 million reward fund for information leading “to the arrest and conviction of the criminals responsible for this attack.” Coinbase says the goal of the hack is to facilitate social engineering attacks.
Social Engineering Attacks
A social engineering attack occurs when an imposter poses as a business or trusted individual to obtain sensitive information. This is also known as “human hacking” because it does not involve digital vulnerabilities. Cybercriminals who successfully obtain personal data may use it to apply for loans, access benefits, and, in the aftermath of the Coinbase data breach, persuade victims to transfer their crypto funds. However, although the consumer appears to consent to the transfer of funds, this is a violation of the Electronic Fund Transfer Act because
The EFTA
The Electronic Fund Transfer Act (EFTA) was enacted in 1978 to clarify consumers’ rights and financial institutions’ responsibilities when money transfers occur. Nearly 50 years later, the financial landscape has developed beyond what lawmakers in the seventies anticipated. However, the core rights that the EFTA promises have perhaps never been more critical, particularly since incidents like the Coinbase data breach highlight vulnerabilities. In social engineering cases, someone transferring funds because a scammer posing as Coinbase misled them is not consenting to a legal transfer.
Damages
Financial institutions which violate the EFTA may be liable for the following forms of monetary damages:
- Actual (compensatory) damages: These represent the actual losses caused by unlawful conduct. For example, funds taken from an account or improperly charged interest.
- Statutory Damages: These damages are outlined in the EFTA itself. Consumers may request between $100 and $1000 regardless of the amount lost, especially following a major data breach like Coinbase’s.
- Treble damages: This class of damages is punitive- meaning it exists to punish the financial organization for failing to act appropriately.
- Attorney’s fees: The EFTA was written to ensure consumers don’t pay the price for a business’s bad behavior. This means that attorneys can recover fees from the company rather than the burden shifting to the consumer.
Contact An Experienced Data Breach Attorney
Contact us immediately if you suffered losses as a Coinbase customer due to the data breach. Our experienced consumer protection attorneys offer free consultations, and Maginnis Howard takes EFTA data breach cases on contingency. That means you don’t pay anything unless we win your case. We represent clients across the Carolinas from our Raleigh, Charlotte, and Fayetteville offices. Visit our contact page to submit an inquiry or chat with a live agent.
