Molly White's Citation Needed - Issue 84 – Rogue overseas support agents

Episode Date: May 20, 2025

Coinbase’s substantial data breach coincides with a convenient terms of service update, while the GENIUS Act stablecoin bill regains momentum in the Senate. Originally published on May 20, 2025....

Transcript
Starting point is 00:00:01 I'm Molly White, and you're listening to the audio feed for the Citation Needed newsletter. You can see the text version of the newsletter online at citation-needed.news. Issue 84. Rogue overseas support agents. Coinbase's substantial data breach coincides with a convenient terms-of-service update, while the GENIUS Act stablecoin bill regains momentum in the Senate. Coinbase followed up its jubilant announcement that it would be joining the S&P 500 by almost immediately having to disclose a significant customer data breach, just as new customer terms came into effect to introduce additional barriers to filing class action
Starting point is 00:00:47 lawsuits against the company. Meanwhile, the GENIUS Act stablecoin bill advanced in the Senate with unusual speed, reflecting the crypto industry's urgent push for legislation before the midterm elections potentially weaken their influence in Congress. After unanimous Democratic opposition in the cloture vote earlier this month, 16 Democratic senators have now voted along with nearly all Republicans to move the bill forward to a final Senate vote. Coinbase. On May 12th, Coinbase announced it will join the S&P 500 as its, quote, first and only crypto company. This is the latest change that may see more American investors inadvertently exposed to the cryptocurrency industry via index funds, following MicroStrategy's entry into the
Starting point is 00:01:34 NASDAQ 100 in December 2024. Their joy was likely tempered when only two days later on May 14th, they had to announce a data breach that exposed customer data including names, addresses, phone numbers, email addresses, images of government ID documents, account balance and transaction data, and masked Social Security and bank account numbers. Although leaks like this typically lead to an uptick in phishing attempts, where scammers use the private information to contact customers and more convincingly impersonate Coinbase employees, the leak of account balance data and customer addresses is also particularly concerning, given the recent spike in violent attacks and kidnappings targeting wealthy crypto holders. According to Coinbase, the data thieves bribed some members of
Starting point is 00:02:24 Coinbase's poorly paid offshore customer support team, who they described as, quote, rogue overseas support agents and who are reportedly earning less than $5,000 annually. Coinbase's cybersecurity disclosure filing with the SEC admitted that they have been grappling with this issue for months. Quote, the threat actor appeared to have obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities. These instances of such personnel accessing data without business need were independently detected by the company's security monitoring in the previous months.
Starting point is 00:03:08 Bloomberg later reported that, quote, the hackers did have near constant access to some of Coinbase Global Inc's most valuable customer data since January, citing an anonymous source familiar with the incident. At least five lawsuits have been filed against Coinbase since the breach disclosure. However, an incredibly conveniently timed update to Coinbase's customer terms announced on April 12th, then applying to disputes filed after May 15th, may make it more challenging for these cases to succeed. While Coinbase's customer terms previously contained some text seeking to limit class action lawsuits and force customers into arbitration, the update made some key changes, most significantly aiming to force lawsuits to be filed in New York. The new version also expands clauses limiting collective litigation, mass arbitration, and the sharing of
Starting point is 00:04:01 information between separate parties involved in arbitration proceedings against Coinbase. It also aims to force any claims that do proceed in court rather than arbitration to go to a bench trial instead of a trial by jury, reduces thresholds triggering batch arbitration, and much more prominently highlights the, quote, class, collective, representative, and mass action waiver and jury trial waiver. Of the five lawsuits filed against Coinbase for the data breach thus far, all are class actions, none were filed before May 15th, and two were filed outside of New York. It remains to be seen whether courts will find the waivers of rights and forum selection clause to be enforceable, and Coinbase could also feasibly run into problems establishing that
Starting point is 00:04:47 pre-existing customers had agreed to the updated terms without any sort of express acknowledgement. Coinbase says that the thieves demanded a $20 million ransom in exchange for not disclosing the information, which Coinbase refused. Coinbase has offered a reward for information on the thieves and promised to reimburse customers who, quote, mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post. They've estimated these reimbursements could cost them, quote, up to $400 million. However, Coinbase has been a little cagey about
Starting point is 00:05:22 the scale of the breach, disclosing only that data was compromised on, quote, less than 1% of Coinbase monthly transacting users. Presumably, they mean fewer than roughly 100,000 customers have been impacted altogether, based on their most recent MTU figures. However, someone pointed out to me that this statement could mean fewer than 100,000 of Coinbase's monthly transacting users had their data exposed, along with some potentially much larger percentage of all customers. But that would be, you know, incredibly misleading. In the courts, prosecutors in the case against Tornado Cash co-founder Roman Storm have dropped the allegation that he was operating an unlicensed money transmitting business. This seems to follow direction by Deputy Attorney General Todd Blanche, whose April 7 memo
Starting point is 00:06:11 instructed the Justice Department to, quote, not charge regulatory violations in cases involving digital assets, including but not limited to unlicensed money transmitting. At least one defendant in a separate crypto-anonymizer case in the same district, Samourai Wallet, has argued that it should be retroactive, and this development could be a good sign for their chances of success. However, like Storm, the Samourai Wallet defendants face additional charges. Storm's lawyers are likewise drawing on the Samourai case, echoing the Samourai defendants' arguments from earlier in May that prosecutors improperly withheld communications with the Treasury Department's Financial Crimes Enforcement Network, or FinCEN, that could undermine the government's case.
Starting point is 00:06:55 While the call in question was about Samourai Wallet, the Tornado Cash defense team argues that the reasoning under which FinCEN employees opined that Samourai Wallet might not be a money services business also applied to Tornado Cash. Prosecutors have filed racketeering charges against a group that allegedly stole over $263 million in crypto, including $243 million from a single individual. Two people were charged in September 2024 in connection to the theft, but the superseding indictment
Starting point is 00:07:26 now names 12 defendants who became friends on online gaming platforms, then launched a, quote, social engineering enterprise to steal cryptocurrency. According to the indictment, the enterprise included, quote, database hackers, organizers, target identifiers, callers, money launderers, and residential burglars targeting hardware virtual currency wallets. Eric Council Jr., who compromised the SEC's Twitter account in January 2024 and falsely announced a much-anticipated launch of spot Bitcoin ETFs, has been sentenced to 14 months in prison on identity theft and access device fraud charges. The Fantom Foundation, now Sonic Labs, has been approved by a Singaporean court to liquidate the Multichain Foundation to recoup money lost in a $210 million exploit in 2023. Fantom's losses amounted to around $67 million.
Starting point is 00:08:22 Multichain's CEO disappeared shortly before the exploit, rumored to have been arrested in China and hasn't re-emerged. Trump business interests. Trump's meme coin dinner is coming up on May 22nd. As of the final count, 72% of the wallets on the leaderboard are likely controlled by entities outside the United States. The top holder is still an HTX hot wallet, likely representing Justin Sun, who is yet to publicly confirm he's attending the dinner, but who just so happened to show up in the U.S. on May 19th. The leaderboard was finalized 10 days before the dinner, presumably to give Trump's team time to perform background checks on guests.
Starting point is 00:09:04 This also allowed those who purchased Trump tokens solely to secure a dinner invite to dump the tokens, and many have, despite the Trump team's attempts to thwart a sell-off by announcing a, quote, very special and rare, quote, Trump-D Diamond Hand Limited Edition Trump-Solana NFT for any dinner attendees still holding their tokens by the time of the dinner. Elsewhere in Trump meme coin news, the NASDAQ-listed GD Culture Group, described by the New York Times as a, quote, struggling technology company that has ties to China and recorded zero revenue last year from an e-commerce business it operates on TikTok, announced it would spend up to $300 million on Trump tokens after raising money through a stock sale agreement with an unidentified entity in the British Virgin Islands.
Starting point is 00:09:52 This adds another entry to Trump's ever-growing list of conflicts of interest as he stands to earn money from a substantial token purchase by a company reliant on TikTok, while he simultaneously directs Chinese foreign policy and intervenes in a potential TikTok ban. David Bailey, a close Trump crypto advisor who runs Bitcoin Magazine and the annual Bitcoin conference where Trump debuted as, quote, crypto president, is following in the footsteps of others close to Trump, including Trump's sons and Brandon Lutnick, son of Commerce Secretary Howard Lutnick. Bailey's new company, Nakamoto, is following the same rough blueprint as the Trump sons' American Bitcoin and Lutnick's 21 Capital: create a new company, merge it with an existing public company or SPAC, and accumulate Bitcoin to become a Bitcoin proxy bet.
Starting point is 00:10:45 Bailey, the Trump sons, and Lutnick are themselves following a playbook established by Michael Saylor and his MicroStrategy company, now known as just Strategy. The MicroStrategy technique has been criticized as both a bubble and a Ponzi scheme likely to collapse if Bitcoin prices fail to go up forever. Good thing that never happens in crypto. Now, however, with the president's family members, close advisors, and family members of others in the administration, all running businesses that depend on Bitcoin prices rising, there are even more conflicts of interest incentivizing Trump and others in his government to try to bolster the crypto industry and crypto prices. House Democrats have followed up last week's flurry of letters by their Senate counterparts with a letter to Treasury Secretary Scott Bessent, requesting all suspicious activity reports, or SARs, related to Trump's World Liberty Financial and meme coin projects. The letter also asked for SARs pertaining to the WinRed online fundraising platform and super PACs, including Elon Musk's America PAC. One letter from last week has received a public response, Senator Blumenthal's letter
Starting point is 00:11:55 to World Liberty CEO, Zach Witkoff. Witkoff, who characterized Blumenthal as a, quote, politician with an axe to grind, mostly used his response to promote World Liberty Financial and its plans to, quote, democratize access to the financial system. The only substantive reply to Blumenthal's several pages of questions was to write that, quote, WLFI has no affiliation, formal or informal, with Fight Fight Fight LLC, or its chief executive officer, Mr. Bill Zanker. Fight Fight Fight LLC is behind the Trump meme coin and is just one of a much longer list of entities Blumenthal inquired about.
Starting point is 00:12:33 In government. The GENIUS Act stablecoin bill has already advanced in the Senate, after all Democrats and several Republicans voted against it less than two weeks ago amid concerns about Trump's serious crypto conflicts of interest. Some Democrats tried to insist that any stablecoin bill must include explicit prohibitions preventing the president, Congress members, and others in government from creating and selling digital assets. Others, such as bill co-sponsor and longtime cryptocurrency industry ally Kirsten Gillibrand, argued that Trump's crypto activities are, quote,
Starting point is 00:13:08 already illegal and that the bill shouldn't, quote, deal with all of President Trump's ethics problems. Despite little in the way of amendments incorporating Democrats' requested changes, 16 Democrats voted in support of the cloture motion: Alsobrooks from Maryland, Blunt Rochester from Delaware, Booker from New Jersey, Cortez Masto from Nevada, Fetterman from Pennsylvania, Gallego from Arizona, Gillibrand from New York, Hassan from New Hampshire, Heinrich from New Mexico, Lujan from New Mexico, Ossoff from Georgia, Padilla from California, Rosen from Nevada, Schiff from California, Slotkin from Michigan, and Warner from Virginia.
Starting point is 00:13:51 The bill will now go to a full vote, possibly later this month. The breakneck pace of this bill is likely due to the crypto industry's concern that their influence on Congress might diminish after the midterm elections. Quote, we have a very narrow window to get legislation through. The midterms are next year. I think it's very likely that our window closes at the midterms, explained a board member of the Blockchain Association lobbying group. In Arizona, Governor Hobbs is juggling yet more crypto bills after signing one and vetoing one earlier this month. Now she's vetoed two more bills, including SB 1373, another bill that would have allowed the state to establish a strategic reserve
Starting point is 00:14:33 for cryptocurrency. Quote, I have already signed legislation this session, which allows the state to utilize cryptocurrency without placing general fund dollars at risk, she wrote, referring to the HB 2749 Bitcoin Reserve bill she signed on May 7th. She also vetoed SB 1024, which would have allowed state agencies to accept cryptocurrency for payments. Quote, legislators on both sides of the aisle acknowledged it still leaves the door open for too much risk, she explained. In regulators. SEC. District Court Judge Analisa Torres denied a joint request by Ripple and the SEC for an indicative ruling that if jurisdiction over the case returned to her from the Second Circuit, she would, quote, dissolve the court's injunction against Ripple to stop illegally selling securities
Starting point is 00:15:22 and reduce the civil penalty from $125 million to $50 million. Torres denied the request for procedural reasons, writing that it, quote, amounts to a motion to vacate significant portions of the final judgment and needs to be filed under a different rule to, quote, address the heavy burden they must overcome to vacate the injunction and substantially reduce the civil penalty. She noted that even if the parties filed the request correctly, quote, relief from judgment is granted, quote,
Starting point is 00:15:52 only upon a showing of exceptional circumstances. The SEC has previously said that if Torres indicated she would grant the relief they sought, they would request a limited remand to the district court and then move to dismiss the ongoing appeals in the Second Circuit. Although the SEC dismissed with prejudice its lawsuit against Coinbase, the New York Times reported a separate ongoing investigation into whether Coinbase misstated its user figures in both securities filings and marketing contexts. Coinbase had once claimed to have 100 million or more, quote, verified users, but stopped using the figure in 2023, saying it was
Starting point is 00:16:31 quote, not indicative of our overall performance. Coinbase now reports on monthly transacting users, claiming to have 9.7 million of them in their latest quarterly report. According to the Times, it's common for the SEC to investigate when companies stop using measurements previously used in advertising to ensure that they weren't misleading investors. CFTC. Two crypto-friendly Republican CFTC commissioners are about to step down. Commissioner Summer Mersinger, a longtime ally to the crypto world, resigned on May 14th, even though her term was not due to expire until 2028. The revolving door will deposit her into the CEO position at the Blockchain Association crypto lobbying firm after she leaves the CFTC at the end of the month. CFTC acting chair, Caroline Pham, also plans to leave the agency when a new chairperson is installed.
Starting point is 00:17:26 The nominee, not yet Senate confirmed, is Andreessen Horowitz's Brian Quintenz, who served as a CFTC commissioner during Trump's first administration and then briefly under Biden. Pham's and Mersinger's announcements follow Democratic CFTC Commissioner Christy Goldsmith Romero's March announcement that she would be leaving. If Quintenz joins the agency, it will be just him and Democrat Kristin Johnson left, leaving the agency without a party majority. Outside the U.S. The judge overseeing Argentina's probe into the Libra meme coin catastrophe and its connections to Argentina's president, Milei, has ordered the Argentinian central bank to provide information on bank accounts belonging to Milei and his allegedly involved sister. Shortly before this order,
Starting point is 00:18:12 the judge also ordered the freezing of assets belonging to Hayden Davis and other businessmen involved with the project. The string of violent attacks on people known or believed to hold substantial cryptocurrency has continued, recently concentrated in France. There have been two successful kidnappings in France this year, the January kidnapping of Ledger co-founder David Balland and his wife, and the May kidnapping of a crypto-millionaire's father. Both Balland and the father had fingers cut off during the attacks as their assailants tried to extort money. All were rescued. Most recently, kidnappers tried to abduct the daughter and grandson of the CEO of the Paymium cryptocurrency exchange, but were thwarted by a shopkeeper with a fire extinguisher. After the attack,
Starting point is 00:19:00 France's interior minister Bruno Retailleau announced a meeting with cryptocurrency entrepreneurs, quote, to work with them on their security, to make them aware of the risks, and to take together measures to protect them. After the meeting, the Interior Ministry stated that wealthy cryptocurrency investors would receive priority access to the police emergency line and home visits from law enforcement to advise on increasing their personal security. Elsewhere in crypto, Telegram reportedly shut down major cryptocurrency-denominated illicit marketplaces on their platform, following an Elliptic report about the massive scale of such Telegram-based marketplaces like Cambodia's Huione, which was designated a, quote, primary money laundering concern by FinCEN on May 1st.
Starting point is 00:19:45 According to Elliptic, the Huione and Xinbi marketplaces together processed over $35 million in stablecoin transactions for illicit goods, including stolen data and torture devices, and services like money laundering and human trafficking. While many early illicit marketplaces operated on the dark web, Elliptic reported that, quote, illicit marketplaces have largely shifted to operating through the instant messaging app, Telegram, which provides access to an audience of over a billion users.
Starting point is 00:20:15 The Web3 Is Going Just Great recap. There was one entry between May 12th and May 20th, averaging 0.1 entries per day. The Curve Finance website and Twitter account were hacked. Worth a read. Chris Geidner at Law Dork responds to those who react to news about court rulings against the Trump administration with, well, it doesn't matter, they don't follow court orders. His response is realistic and does not naively pretend that courts are some sort of unassailable
Starting point is 00:20:42 institution under authoritarianism. He writes, quote, yes, Trump is going to keep taking actions that disregard the limits placed upon him. But it is not up to him to decide that he can do so. It is up to the other branches, other institutions, and ultimately all of us, whether we allow it. That's titled, It Does Matter. Defending the Rule of Law in the Trump era is essential in his Law Dork newsletter. I usually try to avoid sharing paywalled articles here, but this is a very good one, titled AI therapy is a surveillance machine in a police state in The Verge. Adi Robertson writes for The Verge about the people who are, quote, pouring their secrets out to chatbots, sometimes in dedicated
Starting point is 00:21:24 therapy apps, while, quote, the government is obsessed with obtaining a nearly unprecedented level of surveillance and control over residents' minds, their gender identities, their possible neurodivergence, their opinions on racism and genocide. In the news, Intelligencer cited some of my analysis on Trump's meme coin dinner attendees in their article about the same. That's titled, Here's Who's Going to Donald Trump's Memecoin Dinner. That's all for now, folks. Until next time, this has been Molly White. Thanks for listening to this issue of the Citation Needed newsletter. If you would like to support my work with a free or pay-what-you-want subscription to the Citation Needed newsletter,
Starting point is 00:22:08 or if you would like to receive these issues in your email, go to citation-needed.news slash sign-up. If you enjoyed the podcast version of this episode, please consider leaving a rating or review in your podcast player of choice.
