A few days before Christmas last year, Philip Martin sat in front of his computer to check his cryptocurrency balance. It was the beginning of what would become, for him, an ongoing nightmare.
Martin told NBC News he thought he was typing the web address for his cryptocurrency exchange, Coinbase, the biggest and best-known company for consumers to store their digital money. But in fact, he says, hackers had put a bug on the url that sent him to a fake web site, which prompted him to automatically enter his log-in and password.
The crooks now had all the information they needed to steal his life savings — and they did. Martin became the latest victim in what has been a wave of cryptocurrency hacks and thefts, one that experts say raises questions about whether better regulation is needed.
“It’s been very frustrating,” said Martin, who is out $165,000 worth of Ethereum, a popular cryptocurrency. “I’ve had panic attacks.”
Martin said he was able to trace where the thieves transferred his stolen crypto, given that all Ethereum transactions are published on a public ledger. He contacted both local and federal law enforcement. But to add insult to injury, the FBI field office in Los Angeles ultimately told him his loss was not large enough to merit investigation.
“Unfortunately, due to the dollar amount involved in your complaint, management has determined that it does not rise to our required threshold level and the FBI will not be moving forward with an investigation at this time,” wrote Special Agent Elizabeth Hammond, in an email Martin provided to NBC News.
Laura Eimiller, spokeswoman for the FBI’s Los Angeles field office, said she would not comment on any specific case.
“Like with many prolific and evolving schemes, we are not going to arrest or prosecute our way out of this,” she said. “Whether it’s individuals or businesses, education is the key. We urge people to visit IC3.gov (The Internet Complaint Center) to familiarize themselves with the latest trends.”
Martin also blames Coinbase, which bills itself as a “secure online platform for buying, selling, transferring, and storing cryptocurrency.”
“Coinbase is basically saying that they’re not responsible, and every user is responsible to secure their own device, laptop or phone,” he said. “These crypto exchanges don’t have any regulation that’s compelling them to be on the side of the customer and provide protection to help in these type of situations that, in my opinion, they are responsible for, of not providing enough cybersecurity on their own URL address.”
A Coinbase spokesman would not comment on the specific case, saying in a statement that “Coinbase customers should also be wary of phishing attempts and never click on a link or engage with an email that isn’t from the domain Coinbase.com.”
The company added that “scams, fraud and other crimes can have a significant impact on customers, and we take extensive security measures to ensure our customer accounts remain safe. We regularly educate our customers on how to avoid cryptocurrency scams and report known scams to appropriate law enforcement authorities. We encourage all our customers to take important steps to securing their online accounts. †
The kind of scam that befell Martin is not the only method through which consumers have lost cryptocurrency. In several instances, crypto exchanges have been hacked. The most famous of those was the 2016 breach of Bitfinex, through which hackers stole Bitcoin valued recently at an astonishing $4.5 billion. In February, the Justice Department announced it had recovered $3.6 billion of that.
One analyst has counted at least 46 exchange hacks since 2012. The value of the losses is difficult to quantify given the fluctuation in the value of various cryptocurrencies, but it appears to be many billions of dollars.
In one recent such hack, crypto trading platform Bitmart pledged to use its own money to reimburse client losses of as much as $196 million.
Lawyer Urzula McCormack, a partner with Hong Kong-based King & Wood Mallesons specializing in cross-border finance and technology, says the threat picture is actually better than it used to be when crypto first emerged.
“There is no doubt though, that there are also areas where people are vulnerable,” she said. “There is a very significant degree of scam activity that’s occurring. And we also have just really regular hacking risks that occur and really need to be guarded against.”
In March, President Joe Biden issued an executive order designed to prompt action among government agencies to protect consumers from crypto risks, and dozens of bills are pending in Congress that would regulate crypto to one degree or another.
Some countries have banned ads for crypto investments, McCormack said, but such were featured prominently in the US during the Super Bowl, underscoring the interest in crypto as an investment.
But Martin urges caution.
“I think there’s a lot of great potential,” he said. “I just think right now, I personally am hesitant of investing until there’s better consumer protection laws.”