A cryptocurrency whale is suing Coinbase after the exchange allegedly refused to return stolen DAI tokens that were traced to a user account on its platform. The plaintiff claims to have fallen victim to a phishing scam that drained their holdings, with a portion of the stolen funds subsequently identified on Coinbase. The case raises critical questions about exchange liability in asset recovery and the responsibilities of custodial platforms when handling traced stolen cryptocurrency.
How Stolen DAI Reached Coinbase
The plaintiff’s DAI was stolen through a phishing attack, a common vector in cryptocurrency theft where attackers trick users into surrendering private keys or seed phrases. Once the tokens were drained from the victim’s wallet, a portion moved through the blockchain and arrived at a Coinbase user account, where it remained traceable on-chain. The plaintiff subsequently requested that Coinbase freeze the funds and return them. According to the lawsuit, Coinbase declined to do so, setting the stage for legal action over asset seizure and exchange obligations.
Exchange Liability and Regulatory Gray Area
The case highlights an unresolved tension in cryptocurrency custody: whether exchanges have a legal duty to return funds they acknowledge are stolen, or whether they can claim regulatory immunity under current Know Your Customer (KYC) and Anti-Money Laundering (AML) frameworks. Coinbase’s refusal suggests the exchange may be invoking compliance concerns or claiming insufficient evidence to act without court intervention. However, the plaintiff’s ability to trace the funds on-chain creates a factual basis for recovery that differs from traditional financial crime, where stolen assets are often commingled or laundered beyond recovery. The specifics of Coinbase’s stated rationale have not been disclosed.
Implications for Phishing Victims and Asset Recovery
If the plaintiff prevails, the ruling could establish precedent requiring exchanges to cooperate in returning traced stolen assets without formal seizure orders. Conversely, if Coinbase prevails, it may strengthen the position that exchanges cannot be held liable for funds in user accounts, even when those funds are demonstrably stolen. The case also exposes a friction point between decentralized blockchain transparency—where theft is permanently recorded and traceable—and centralized exchange policies that treat user accounts as legally protected regardless of fund origin. Phishing remains one of the largest attack vectors in crypto, affecting both retail and institutional holders.
What Comes Next
The lawsuit’s outcome depends on factors not yet disclosed: the jurisdiction where it was filed, the amount of DAI at stake, and whether Coinbase’s terms of service contain language absolving it of liability for stolen assets. Neither Coinbase’s official response nor the plaintiff’s full legal claims have been made public. The case will likely require discovery into Coinbase’s internal policies for handling stolen funds and whether the exchange conducted its own investigation into the funds’ origin.
