news

Coinbase Sued Over Frozen Crypto Linked to $55M DAI Phishing Theft

Nidhi Saini
Published: May 6, 2026
(Updated: May 6, 2026)
5 min read
Coinbase Sued Over Frozen Crypto Linked to $55M DAI Phishing Theft

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Make us preferred on Google

Summary:

  • Coinbase faces lawsuit over frozen funds tied to a $55M DAI phishing attack.
  • Plaintiff claims exchange holds traceable stolen assets but refuses release without court order.
  • Funds were allegedly laundered via Tornado Cash before reaching Coinbase.
  • Case raises broader questions about exchange responsibility in crypto recovery.
  • Lawsuit could shape how frozen funds are handled across the industry.

A new lawsuit against Coinbase is bringing a familiar problem in crypto back into focus - what happens after stolen funds are found. Filed in a California federal court, the complaint centers on a $55 million theft involving the Dai stablecoin. The plaintiff, based in Puerto Rico, claims that part of the stolen funds can be traced directly to a Coinbase account, where they are currently frozen. Despite that, the exchange has not returned the assets. According to the filing, Coinbase has acknowledged holding the funds but has made its position clear. The assets won't be released without a court order that formally determines ownership. That stance is at the core of the dispute. From the plaintiff's perspective, the funds are identifiable and linked to the original theft. From the exchange's side, releasing them without legal confirmation could create its own risks. The case traces back to an August 2024 phishing attack that drained more than $55 million in Dai. The scale of the loss was flagged publicly at the time:

"🚨 $55.43M DAI Phished 🚨
A victim lost $55.43M in DAI after signing a phishing transaction. The drainer re-assigned the ownership of the DeFi Saver Proxy, and within hours, all funds were drained. The stolen assets are now in 5 intermediate wallets." Source

The attacker moved the funds through multiple wallets, attempting to obscure their origin before eventually depositing part of them onto a centralized platform.

How the Funds Were Traced and Frozen

The funds frozen involved months of tracing, analysis, and coordination with third parties. After the attack, the victim brought in blockchain analytics firms to track the stolen assets. Their investigation pointed to laundering activity involving Tornado Cash, a tool often used to break the link between transactions by mixing funds from different users. Despite that, investigators were able to follow a portion of the assets as they moved into a Coinbase account. That's where the situation changed. Once the funds reached a regulated exchange, there was a chance to stop further movement. On Nov. 30, 2024, Coinbase was notified that funds tied to the theft had been deposited into one of its wallets. The exchange responded shortly after, confirming that the address belonged to a retail user and that it had taken steps to prevent the funds from being moved.

  Source

Those "friction measures" effectively froze the assets. Since then, they have remained in place. But freezing funds is only one part of the process. The plaintiff argues that the assets are clearly identifiable and should be returned. The exchange, however, is relying on a stricter standard and requiring a legal ruling before taking action. This gap between technical tracing and legal ownership is where most recovery efforts stall. The lawsuit also names an unidentified defendant, referred to as John Doe, believed to be responsible for the theft. Investigators linked the activity to a suspected individual, but formal attribution remains part of the broader legal process.

READ MORE: Coinbase Faces Backlash Over Prediction Market Notifications Amid Gambling Concerns

The Bigger Issue: Who Decides Ownership in Crypto?

This case goes beyond one exchange or one exploit. It highlights a structural issue that keeps appearing in crypto recovery efforts. When stolen funds are traced to a centralized platform, exchanges often freeze them quickly. That part works but returning those funds is a different story. Without a clear legal framework, platforms tend to defer to courts to avoid liability. From a user's perspective, that can feel like a deadlock. The funds are found but not accessible. From an exchange's perspective, acting without a court order could expose them to competing claims or legal challenges.

The Coinbase case puts that tension into the spotlight. It also reflects how phishing attacks have evolved. The $55 million theft wasn't the result of a protocol bug or smart contract failure. Instead, it relied on social engineering - tricking the victim into signing a malicious transaction through a fake interface. Tools like Inferno Drainer, often described as "scam-as-a-service," have made these attacks more accessible. They allow bad actors to run large-scale operations without needing deep technical expertise. That shift has contributed to a rise in high-value phishing incidents across the industry. Even when funds are successfully traced, recovery is rarely straightforward. Each step introduces a new layer - technical, legal, or jurisdictional.

Final Thoughts 

In this case, the court will now decide whether the plaintiff has a valid claim to the frozen assets. If the ruling goes in their favor, it could set a precedent for how exchanges handle similar situations in the future. If not, it may reinforce the current approach, where courts remain the final authority on ownership disputes. Either way, the outcome will likely influence how both users and platforms approach security, recovery, and responsibility.

READ MORE: SEC Delays Prediction Market ETFs Over Risk and Structure Concerns

Related Topics

#Coinbase#DAI Phishing Theft#Hacking#Crypto news

About the Project

Crypto News

About the Author

Nidhi Saini

Nidhi Saini

Nidhi Saini is a writer and co-founder of CotiNews, with over four years of experience working in Web3 marketing. She brings a practitioner’s perspective to her writing, shaped by years spent understanding how blockchain products are positioned, communicated, and adopted. As a co-founder, she is also involved in shaping the platform’s editorial direction, ensuring the publication stays thoughtful, credible, and grounded.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.