Coinbase refused to pay a $20 million ransom after a separate data breach.
A class-action lawsuit accuses Coinbase of withholding key risk information.
The FCA fined Coinbase $4.5 million for compliance failures tied to the breach.
A global spoofing scheme that siphoned off more than $20,000,000 in cryptocurrency by impersonating Coinbase has been dismantled with help from the exchange itself.
The takedown, carried out by US law enforcement in partnership with Coinbase’s legal and security teams, resulted in the arrest of Chirag Tomar, identified as the ringleader behind the elaborate scam.
While the move is seen as a major step in combating crypto fraud, it comes as Coinbase is battling a separate lawsuit and regulatory scrutiny over a recent data breach and user information leak.
Criminals used phishing and fake sites to steal millions
The operation exploited unsuspecting crypto users by directing them to fraudulent websites mimicking Coinbase’s interface, such as CoinbasePro.com.
These phishing domains collected users’ login credentials and two-factor authentication codes.
In some instances, the scammers even posed as Coinbase support staff, gaining remote access to real accounts and transferring crypto assets in minutes.
One victim reportedly lost $240,000 in a single incident. The total stolen amounted to over $20,000,000 before blockchain analysis enabled investigators to trace transactions and identify Tomar.
The US Secret Service led the operation, with Coinbase providing critical forensic evidence, identifying affected users, and analysing blockchain records to track the stolen funds.
On X (Twitter), the official Coinbase Support account posted, “Fake ‘Coinbase’ sites stole $20 million in crypto. We traced the funds and helped the Secret Service arrest the ringleader. Blockchain transparency stops spoofers.”
Chief Legal Officer Paul Grewal noted the importance of blockchain data in tracing transactions, comparing it favourably to traditional finance methods, stating that crypto leaves “a permanent, traceable trail” unlike cash.
Coinbase boosts law enforcement cooperation amid scrutiny
Coinbase has underlined its continued investment in fraud detection systems and close collaboration with agencies including the FBI and the Secret Service.
The exchange stated that it will keep working to prevent similar scams and protect its users from impersonation attempts.
However, the successful takedown comes at a time when Coinbase’s own credibility is being tested.
Just one day before announcing Tomar’s arrest, the company was hit with a class-action lawsuit in the US.
The complaint, filed by investors, alleges that Coinbase failed to inform shareholders about security weaknesses that led to a recent breach compromising user data.
Data breach triggers class-action lawsuit and UK penalty
The breach, revealed two weeks ago, reportedly stemmed from insider involvement and resulted in sensitive customer information being leaked.
Coinbase confirmed that it received a $20 million ransom demand but refused to pay.
Instead, it worked with authorities and disclosed the incident.
The breach also drew attention from UK regulators. The Financial Conduct Authority (FCA) fined Coinbase $4,500,000 for compliance failures linked to the event.
The fine and lawsuit have raised concerns about the company’s internal controls, especially around data protection and investor risk disclosures.
Despite the enforcement win, Coinbase now faces pressure on multiple fronts: user trust, legal exposure, and regulatory compliance.
A win overshadowed by internal challenges
The arrest of Chirag Tomar offers Coinbase a significant public relations victory in the fight against crypto scams. But the context in which it arrives is critical.
The timing, sandwiched between a lawsuit and regulatory action, underscores the exchange’s difficult balancing act: helping to police the crypto space while managing its own internal security shortcomings.
The Tomar case may help reinforce the potential of blockchain forensics as a crime-fighting tool.
Yet for Coinbase, maintaining user confidence will depend on whether it can prevent similar incidents from occurring inside its own systems.
