A few days before Christmas last year, Philip Martin sat down at his computer to check his cryptocurrency balance. It was the beginning of what would become, for him, a permanent nightmare.
Martin told NBC News he thought he was typing in the web address of his cryptocurrency exchange, Coinbase, the largest and most well-known company for consumers to store their digital money. But in fact, he says, the hackers had spoofed the URL, modifying it so slightly that it even tricked his web browser into auto-filling his username and password.
The crooks now had all the information they needed to steal his savings – and they did. Martin has become the latest victim of what has been a wave of cryptocurrency hacks and thefts, a wave that experts say raises questions about the need for better regulation.
“It was very frustrating,” said Martin, who lost $165,000 from Ethereum, a popular cryptocurrency. “I had panic attacks.”
Martin said he was able to trace where the thieves transferred his stolen crypto, since all Ethereum transactions are published on a public ledger. He contacted local and federal law enforcement. But to add insult to injury, the FBI’s Los Angeles field office eventually told her that her loss wasn’t significant enough to warrant an investigation.
“Unfortunately, due to the dollar amount involved in your complaint, management has determined that it does not meet our required threshold and the FBI will not be investigating at this time,” Special Agent Elizabeth wrote. Hammond, in an email Martin provided to NBC News.
Laura Eimiller, spokeswoman for the FBI’s Los Angeles field office, said she would not comment on any specific cases.
“As with many prolific and evolving schemes, we’re not going to stop or sue to get out of it,” she said. “Whether it’s individuals or businesses, education is key. We urge people to visit IC3.gov (The Internet Complaint Center) to familiarize themselves with the latest trends.
Martin also blames Coinbase, which advertises itself as a “secure online platform for buying, selling, transferring and storing cryptocurrency.”
“Coinbase is basically saying they are not responsible and each user is responsible for securing their own device, laptop or phone,” he said. “These crypto exchanges don’t have any regulations that require them to be on the side of the customer and provide protection to help in these types of situations that I believe they are responsible for, for not providing enough cybersecurity by themselves- same URL address.”
A Coinbase spokesperson would not comment on the specific case, saying in a statement that “Coinbase customers should also beware of phishing attempts and never click on any link or engage with an email. that is not from the Coinbase.com domain”.
The company added that “scams, fraud and other crimes can have a significant impact on customers, and we take extensive security measures to ensure the security of our customer accounts. We regularly update our customers on how to avoid cryptocurrency scams and report known scams to the appropriate law enforcement authorities. We encourage all of our customers to take strong steps to secure their online accounts.”
The type of scam that hit Martin isn’t the only way consumers have lost cryptocurrency. In several cases, crypto exchanges have been hacked. The most famous of these was the Bitfinex breach in 2016, where hackers stole Bitcoin valued recently at $4.5 billion. In February, the Department of Justice announced that it had recovered $3.6 billion.
One analyst has counted at least 46 exchange hacks since 2012. The value of the losses is difficult to quantify given the fluctuation in value of various cryptocurrencies, but it appears to be in the billions of dollars.
In a recent such hack, crypto-trading platform Bitmart pledged to use its own money to repay customer losses of up to $196 million.
Lawyer Urzula McCormack, partner at Hong Kong-based King & Wood Mallesons, specializing in cross-border finance and technology, says the threat picture is actually better than it was when crypto was appeared for the first time.
“There is no doubt that there are also areas where people are vulnerable,” she said. “There is a very significant degree of scam activity that happens. And we also have very regular hacking risks that happen that you really need to protect yourself against.
In March, President Joe Biden issued an executive order to urge government agencies to act to protect consumers from crypto-related risks, and dozens of bills are pending in Congress that would regulate crypto to a degree or to another.
Some countries have banned ads for crypto investments, McCormack said, but these were highlighted in the United States during the Super Bowl, highlighting interest in crypto as an investment.
But Martin calls for caution.
“I think there’s a lot of potential,” he said. “I just think right now I’m personally hesitant to invest until there are better consumer protection laws.”