Aaron M. Cohn, partner with Weinberg Wheeler Hudgins Gunn & Dial. Courtesy Photo
You receive a text from your crypto wallet custodian, such as Coinbase or Gemini, claiming a fraudulent transaction has occurred on your account. Some detail related to the transaction is provided. You do not recognize the transaction and respond indicating fraud and that you would like to speak to a representative, who promptly calls you. The representative has your personal information, asks you to confirm certain details, then instructs you to report the code just sent to your phone to confirm your identity. You do it—and you’ve been hacked.
The code was generated by the scammer’s online attempt to reset the password for your account to gain access through the two-step authentication process. Once you provide the code, the fraudster can access the account and execute transactions. When you are finally able to sort out what happened, the account has been cleaned out and—because of the nature of the blockchain—there is no way to recover the stolen crypto or track down the fraudsters, many of whom operate outside of the United States in jurisdictions with no accountability. Even worse, your crypto wallet custodian or broker denies any responsibility because, under the user agreements, you are purportedly responsible for the security of your account.
