Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA 1 2 3 4 5 6 7

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

Sabita J. Soneji (State Bar No. 224262)

[email protected]

Wesley M. Griffith (State Bar No. 286390)

[email protected]

TYCKO & ZAVAREEI LLP

1970 Broadway, Suite 1070

Oakland, California 94612

Telephone: (510) 254-6808

Hassan A. Zavareei (State Bar No. 181547)

hzavareei@tzlegal.com

Spencer S. Hughes (appearance pro hac vice)

shughes@tzlegal.com

TYCKO & ZAVAREEI LLP

1828 L Street, Northwest, Suite 1000

Washington, District of Columbia 20036

Telephone: (202) 973-0900

Matthew D. Carlson (State Bar No. 273242)

mdcarlson@mdcarlsonlaw.com

LAW OFFICE OF MATTHEW D. CARLSON

3959 North Buffalo Road, Suite 29

Orchard Park, New York 14127

Telephone: (716) 242-1234

Counsel for Plaintiffs Abraham Bielski, Dzhura

Binyaminov, and Auryan Sajjadi

UNITED STATES DISTRICT COURT

NORTHERN DISTRICT OF CALIFORNIA

SAN FRANCISCO DIVISION

ABRAHAM BIELSKI, DZHURA

BINYAMINOV, and

AURYAN SAJJADI, on

behalf of

themselves and all others similarly situated,

Plaintiffs,

COINBASE, INC.

Defendant.

Case No. 3:21-cv-07478-WHA

THIRD AMENDED CLASS ACTION

COMPLAINT

JURY TRIAL DEMANDED

Judge: Hon. William H. Alsup

Action Filed: September 24, 2021

Trial Date: None set

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 1 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

Plaintiffs Abraham Bielski, Dzhura Binyaminov, and Auryan Sajjadi (collectively, “Plaintiffs”),

on behalf of themselves and all other similarly situated, by and through their attorneys, bring this class

action against Defendant Coinbase, Inc. (“Coinbase”).

INTRODUCTION

1. This case is about holding Coinbase accountable for security failures on its platform—

the largest cryptocurrency exchange in the country—that have left ordinary consumers holding the

bag after sophisticated scammers repeatedly stole from them, all while Coinbase stood idly by and

ignored their pleas for support.

2. Defendant Coinbase, Inc. is a wholly-owned subsidiary of Coinbase Global, Inc., a

publicly-traded company with a market capitalization of over $16 billion. Coinbase operates a platform

allowing customers to open individual accounts, buy and sell cryptocurrency and fiat currency, and

maintain their assets. It holds nearly $100 billion in customer assets on its platform, much of which is

in small consumer accounts that seek to buy and hold fractions of cryptocurrency coins (such as

Bitcoin) and electronically transfer U.S. dollars from their external personal bank accounts to fund

cryptocurrency purchases on the Coinbase exchange.

3. Coinbase represents that it will safeguard its customers’ assets from theft and that it

operates a secure, trusted platform. In exchange for its operation of a cryptocurrency exchange and

its storage of customer assets, customers pay Coinbase significant commissions and fees. Coinbase

reported a net revenue of nearly $2 billion in the first half of 2022.

4. As the cryptocurrency market has boomed in popularity, Coinbase users have

increasingly become the targets of hackers and scammers. These malicious actors have breached

Coinbase’s security and made unauthorized transfers of funds—both in the form of U.S. dollars or

other “fiat currency,” as well as in the form of cryptocurrencies—away from Coinbase user accounts

into the hackers’ or scammers’ individual accounts or their virtual cryptocurrency “wallets” off of the

Coinbase platform.

5. The three Plaintiffs and members of the putative Classes have each fallen victim to

these hacks and scams. But in response to widespread instances of unauthorized electronic fund

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 2 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

transfers on its exchange, Coinbase has done nothing for the vast majority of its affected users,

including Plaintiffs.

6. Because Coinbase is a “financial institution” as defined by the Electronic Funds

Transfer Act (“EFTA”), 15 U.S.C. §§ 1693 et seq., it has a legal obligation to remedy unauthorized

electronic fund transfers. But it has not met that obligation because, for example, it has failed to timely

and in good faith investigate fraudulent transfers, and it has failed to timely credit and/or provisionally

recredit, or credit and/or provisionally recredit at all, Coinbase users’ accounts pending investigation.

7. In their attempts to secure compliance with this obligation, Coinbase users have

repeatedly implored Coinbase to help them rectify the unauthorized transfers from their accounts. But

in response, Coinbase has routinely and repeatedly ignored these requests, instead relying on

automated responses that have not specifically addressed user concerns and have not provided timely,

meaningful customer service.

8. For over a year, and continuing today, Coinbase has largely turned a blind eye to the

systemic breaches of security on its exchange, leaving affected users without recourse (short of

litigation) to correct these issues. A CNBC article entitled, “Coinbase slammed for what users say is

terrible customer service after hackers drain their accounts,” documents some of these users’

experiences with Coinbase.

9. Coinbase has further failed to comply with the EFTA and Regulation E of its

implementing regulations, 12 C.F.R. §§ 1005.1–.20, by failing to timely provide affected Coinbase

users with information concerning the status of the unauthorized electronic transfers from their

Four days after this case was originally filed, Coinbase apparently refunded approximately 6,000

Coinbase users in the amount of the value of assets stolen from their accounts, valued at the time

those assets were stolen. See First Amended Complaint, Dkt. 6, at Ex. A. For these users, Coinbase

has acknowledged that the thefts from their accounts were a result of “third parties [who] took

advantage of a flaw in Coinbase’s SMS Account Recovery Process,” and Coinbase apparently issued

the refunds in response to its culpability. Id. These users are nonetheless included in the class

definitions, as they due any unpaid compensatory damages (e.g., the value of asset appreciation up to

the time refunds were issued), as well as treble damages, statutory damages, attorneys’ fees, costs,

and interest. See 15 U.S.C. § 1693m(e) (safe harbor applies only to complete remedial action taken

before an EFTA action is filed); see also Cobb v. PayLease LLC, 34 F. Supp. 3d 976, 985 (D. Minn.

2014).

Scott Zamost et al., Coinbase slammed for what users say is terrible customer service after hackers drain their

accounts, CNBC, Aug. 24, 2021, https://www.cnbc.com/2021/08/24/coinbase-slammed-for-

terrible-customer-service-after-hackers-drain-user-accounts.html.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 3 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

accounts upon request, and it has failed to comply with Regulation E by failing to provide all Coinbase

users with initial disclosures required by Regulation E. Its failures to secure its customers’ accounts

after promising to operate a safe and secure cryptocurrency exchange also give rise to a host of state

law claims.

10. On behalf of two classes and two state-specific subclasses (as defined below), Plaintiffs

seek compensatory damages, statutory damages, treble damages, restitution, disgorgement, punitive

damages, attorneys’ fees, costs of suit, interest, and any other relief the Court deems appropriate.

JURISDICTION

11. The Court has subject matter jurisdiction over this case pursuant to 28 U.S.C. § 1331

because the action is brought pursuant to the Electronic Funds Transfer Act of 1978, 15 U.S.C. §§

1693 et seq. The Court has supplemental jurisdiction over Plaintiffs’ state law claims pursuant to 28

U.S.C. § 1367.

12. The Court also has jurisdiction over this case pursuant to the Class Action Fairness

Act, 28 U.S.C. § 1332(d), because there exists minimal diversity between class members and Coinbase

and because the amount in controversy exceeds $5,000,000, exclusive of interest and costs.

VENUE

13. This Court is the proper venue for this matter pursuant to 28 U.S.C. § 1391(b) and (c)

because a substantial part of the events or omissions giving rise to the claims occurred in this District,

and Coinbase has substantial and systematic contacts in the District as alleged within this Complaint.

14. The case has been properly assigned to the San Francisco Division of this District

under Civil L.R. 3-2(c) and (d) because a substantial part of the events or omissions that gave rise to

Plaintiffs’ claims occurred in San Francisco County.

PARTIES

15. Plaintiff Abraham Bielski is a Coinbase customer. He is a citizen of Florida.

16. Plaintiff Dzhura Binyaminov is a Coinbase customer. He is a citizen of New York.

17. Plaintiff Auryan Sajjadi is a Coinbase customer. He is a citizen of California.

18. Defendant Coinbase, Inc. is a Delaware company in the business of, among other

things, operating cryptocurrency exchanges and other related businesses around the world via its

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 4 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

website and cellular phone applications. Coinbase operates the largest cryptocurrency exchange in the

United States by trading volume and claims to have over 103 million verified users with $96 billion of

assets on its platform. While Coinbase purports to have no physical headquarters, it has its principal

place of business in San Francisco, California, maintains its executive offices in San Francisco,

California, is registered with the Secretary of State in California, has an agent for service of process in

California, and, on information and belief, pays taxes to the State of California.

FACTS

A. The cryptocurrency market has exploded in size and popularity.

19. Cryptocurrencies are digital assets that are backed by decentralized computer

networks, rather than by central banks or issuing authorities like fiat currencies such as the U.S. dollar,

the Mexican peso, or the Euro. The largest and perhaps most well-known example of a cryptocurrency

is Bitcoin, which was launched in 2009.

20. Unlike traditional fiat currencies that have the support of governments,

cryptocurrencies rely on digital ledgers, which are public databases that contain the entire ownership

and transaction history of every cryptocurrency “coin.” The information in these ledgers cannot be

maliciously edited by a third party. These secure ledgers—combined with a finite supply of available

“coins”—allow cryptocurrencies to function as a storage of value, like other funds or assets. Because

the “coins” have real-world value, they are often bought and sold in exchange for fiat currency or for

other cryptocurrency coins.

21. Cryptocurrency’s popularity has skyrocketed in a short time, and the value of some

cryptocurrencies has also risen dramatically. In 2010, a customer bought two pizzas for the price of

10,000 Bitcoin;

as of October 27, 2022, a single Bitcoin was worth over $20,000. The total market

capitalization of all cryptocurrencies was estimated to exceed $2 trillion earlier this year.

Rufas Kamau, What Is Bitcoin Pizza Day, And Why Does The Community Celebrate On May 22?, Forbes,

May 9, 2022, https://www.forbes.com/sites/rufaskamau/2022/05/09/what-is-bitcoin-pizza-day-

and-why-does-the-community-celebrate-on-may-22/?sh=7cd8b56fd685.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 5 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

22. This dramatic growth in cryptocurrency has been fueled largely by ordinary American

consumers, who have treated cryptocurrency like other traditional, tradeable, appreciating assets such

as stocks and bonds.

B. Coinbase has played a major role in the rise of cryptocurrency trading.

23. To trade cryptocurrencies, consumers rely on a novel form of financial institution that

both stores consumers’ funds and assets as well as provides a platform for the exchange of those funds

and assets on the open market.

24. The most prominent of this new type of financial institution is Coinbase. Combining

the features of financial institutions like brokerages and stock exchanges, Coinbase is a custodian for

its customers’ funds and an operator of a cryptocurrency exchange on which customers may buy, sell,

and trade cryptocurrencies directly on the Coinbase platform.

25. Coinbase was founded in 2012 and has since grown into one of the biggest names in

cryptocurrency. At its initial public offering in 2021, Coinbase’s value was reportedly $47 billion.

Today, Coinbase claims more than 103 million customers with trades totaling more than $200 billion

per quarter, all on a Coinbase platform supported by nearly 5,000 employees.

26. Coinbase focuses its business on ordinary retail investors. Its business model depends

on persuading ordinary consumers to sign up to trade cryptocurrency, and it is aware of its niche in

the “retail crypto” space. Coinbase’s 2021 annual report touted its “simple onboarding process that

allows retail users to sign up and quickly purchase their first crypto asset” and claimed that Coinbase

is “a primary on-ramp for customers’ journeys into the cryptoeconomy.”

27. Regular consumers across the country have bought and sold cryptocurrencies after

Coinbase targeted its marketing toward them. For example, Coinbase spent an estimated $13 million

to broadcast a one-minute commercial nationwide on NBC during the Super Bowl in February 2022.

28. In furtherance of its “retail crypto” efforts, Coinbase encourages users to invest their

retirement savings in cryptocurrency through web advertisements like “The Crypto Guide to

Gabe Lacques, What was that? Coinbase’s QR code Super Bowl commercial confuses viewers, USA Today,

Feb. 13, 2022, https://www.usatoday.com/story/sports/Ad-Meter/2022/02/13/coinbase-qr-code-

super-bowl-ad-crypto-commercial-confuses-viewers/6778949001/.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 6 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

Retirement Savings.” Coinbase even partners with 401(k) plan provider ForUsAll to encourage users

to invest their retirement savings in the cryptocurrency market.

C. Coinbase has repeatedly made false representations about its platform’s

security.

29. As a financial institution, Coinbase understands that its platform will only succeed if

would-be customers believe their assets and funds are secure on the Coinbase platform. To that end,

Coinbase’s website is replete with representations about the safety and security of Coinbase users’

assets. The front page of its website, www.coinbase.com, represents that users can “[s]imply and

securely buy, sell, and manage hundreds of cryptocurrencies” and that it provides “accessible, safe,

and secure financial tools for everyone.”

30. On its website, Coinbase lays out myriad representations about its safety and security,

underneath messages like “Here’s why you can trust us:” and “Most trusted. Most secure.” Coinbase

represents that its cryptocurrency storage is secure, that it offers “best in class storage,” that it has

“industry-leading security,” that it is the “most trusted crypto exchange,” that it uses “state-of-the-art

encryption,” that its users’ “assets are protected,” that it offers “multifaceted risk management

programs designed to protect customers’ assets,” that it “offer[s] the finest tools to protect your

account,” and that its users can “[g]et the help you need, when you need it” from its Support Team,

in addition to other representations about safety and security. Many of these representations are in

oversized and/or bold-faced and are featured prominently on Coinbase’s website.

31. Coinbase’s representations about its purported safety and security have been made

about each aspect of its services. Coinbase claims that its “Wallet” will “[p]rotect your digital assets

with industry-leading security,” that its “trusted and easy-to-use” platform allows “anyone, anywhere

. . . to easily and securely send and receive Bitcoin,” that it will “[p]rotect your crypto with best in class

cold storage,” and that its users can “[s]afely store and easily view” their assets.

32. Coinbase has published these representations beyond its own website. It has made

representations about its purported security through search engine marketing, social media, media

interviews, and other marketing materials. When a would-be customer searches for “Coinbase” on

Google, the link to the first result—Coinbase’s website—describes it as a place to “Buy and Sell

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 7 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

Bitcoin, Ethereum, and more with trust.” Coinbase’s Twitter account has claimed that it “provid[es]

the safest and most secure crypto experience to our users”

and tells potential customers that Coinbase

is “[t]he safest place for your crypto.”

Its Twitter account has also represented to its users (and would-

be users) that “[f]irst (and most importantly) your funds are safe, and they always will be.”

33. Plaintiffs read Coinbase’s representations about its safety and security measures and

relied on those representations in purchasing, trading, and storing cryptocurrency on the Coinbase

platform.

D. Coinbase has admitted that it must provide “bank-level security” and is well-

aware of its platform’s vulnerabilities.

34. Coinbase recently admitted to its investors that it is required by law to provide bank-

level security for its customers’ funds. In an August 2022 disclosure statement to the SEC, Coinbase’s

parent company represented that “we are required to safeguard customers’ assets using bank-level

security standards applicable to our wallet and storage systems, as well as our financial management

systems related to such custodial functions.”

Despite this acknowledgement, Coinbase has failed and

continues to fail to do so.

35. Coinbase’s acknowledgement that it is “required” to “safeguard” assets using “bank-

level security standards” shows its awareness of its obligations to comply with the EFTA and

Regulation E, to not breach the duty of care that it owes to its customers, and to act reasonably as a

bailee of its customers’ personal property.

36. Coinbase has also admitted to its strategic purposes in repeatedly representing its

platform is secure (even without “bank-level security standards”). On May 10, 2022, in a quarterly

earnings call, Coinbase CEO and co-founder Brian Armstrong explained that Coinbase makes broad

Coinbase (@coinbase), Twitter (June 30, 2022, 1:25 PM ),

www.twitter.com/coinbase/status/1542605323382337537.

Coinbase (@coinbase), Twitter (July 2, 2021, 8:09 AM),

www.twitter.com/coinbase/status/1410979060868517889.

Coinbase (@coinbase), Twitter (May 11, 2022, 4:34 PM),

www.twitter.com/coinbase/status/1524533348474912769.

Coinbase Global, Inc., Quarterly Report (Form 10-Q), at 94 (Aug. 9, 2022), available at

https://www.sec.gov/ix?doc=/Archives/edgar/data/1679788/000167978822000085/coin-

20220630.htm.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 8 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

representations about its safety and security features in order to form a “competitive moat” and gain

an advantage over competitors in the cryptocurrency industry.

By representing that customer funds

are safe on its platform, Coinbase seeks to induce potential customers to sign up there (rather than

with a competitor) and pay Coinbase fees for cryptocurrency transactions. During that same call,

Armstrong emphasized the importance of the perception of security for Coinbase’s success:

It comes down to cybersecurity – we’re storing more crypto securely

for our customers. And so whenever people are coming into a new

industry, they generally want to go with the one that it’s been around

the longest, it’s trusted by the most people, it has the most number of

users. Coinbase is really the only crypto company that's public in this

environment. And we're storing such a large amount of crypto that I

think that's a defensible moat because basically

when people trust us,

they store crypto with us.

(Emphasis added.)

37. Despite Coinbase’s acknowledgement that the perception of security is crucial to its

success, it has failed and continues to fail to actually secure its customers’ funds or to resolve errors

resulting from breaches in the security of its customers’ funds.

38. Coinbase has admitted to an awareness of the dangers that hackers and scammers pose

to its users. In its 2021 Form 10-K, Coinbase acknowledged that a “risk factor” to its business was

“cyberattacks and security breaches of our platform, or those impacting our customers or third

parties” because they “could adversely impact our brand and reputation and our business, operating

results, and financial condition.”

39. These issues with cryptocurrency security are widely known. Michael Hsu, the acting

Comptroller of the Currency, recently decried the “unabating volume of scams, hacks, and fraud” in

cryptocurrency and urged caution about allowing cryptocurrency to interact directly with more

traditional financial institutions.

Hsu said that “people get hurt” when cryptocurrency peddlers, like

Coinbase Global, Inc. First Quarter 2022 Earnings Call (May 10, 2022), available at

https://s27.q4cdn.com/397450999/files/doc_financials/2022/q1/Coinbase-Q1'22-Earnings-Call-

Transcript.pdf.

Coinbase Global, Inc. 2021 Annual Report (Form 10-K), at 26 (Feb. 24, 2022), available at

https://www.sec.gov/ix?doc=/Archives/edgar/data/0001679788/000167978822000031/coin-

20211231.htm.

Jon Hill, ‘People Get Hurt’ When Crypto Mimics Banks, OCC’s Hsu Says, Law360, Oct. 11, 2022,

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 9 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

Coinbase, use “familiar” terminology to “downplay or mask the risks involved” in trading

cryptocurrencies.

40. These issues also disproportionately affect Coinbase and its customers, because

Coinbase has pursued the “retail crypto” business strategy to take advantage of unwary consumers.

The cyber security firm PIXM explained that Coinbase has been “increasingly targeted by scammers,

fraudsters, and cyber criminals” because these malicious actors understand Coinbase attracts an

“audience of casual, generally non-technical, crypto investors” who are especially susceptible to their

schemes.

41. Coinbase continues to use familiar bank-like language about security in order to attract

these casual, non-technical retail customers. As Coinbase has acknowledged on multiple occasions, its

representations regarding security are material to consumers and are important in Coinbase’s attempt

to maintain a competitive edge over its competitors. Gaining the trust of ordinary consumers by

marketing its platform as the “most secure” is central to Coinbase’s brand and competitive strategy.

42. Despite these representations, which Coinbase makes for its own business benefit,

Plaintiffs and the Class have been victimized by Coinbase’s lax security measures and have been left

helpless after Coinbase’s Support Team refused to meaningfully assist them.

E. Abraham Bielski was victimized, and Coinbase refused to help.

43. Plaintiff Abraham Bielski opened an account with Coinbase for the purpose of buying

and selling cryptocurrencies for his personal use.

44. On September 8, 2021, Bielski realized that an unauthorized electronic transfer had

been made from his Coinbase account to an unknown third party. The third party had electronically

transferred funds totaling more than $31,000 out of his account.

https://www.law360.com/consumerprotection/articles/1538955/-people-get-hurt-when-crypto-

mimics-banks-occ-s-hsu-says.

Id.

Karen Hoffman, Coinbase phishing hack signals more crypto attacks to come, says security firm, SC Magazine

(Aug. 5, 2022), https://www.scmagazine.com/analysis/email-security/coinbase-phishing-hack-

signals-more-crypto-attacks-to-come-says-security-firm.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 10 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

45. Bielski immediately notified Coinbase customer service of the unauthorized transfer,

but customer service did not make any good faith efforts to engage with him about his dispute or

otherwise attempt to resolve the dispute, one way or another, in a good faith manner.

46. Bielski has not been refunded any of his funds by Coinbase, and Bielski is informed

and believes that neither he nor any other member of any class as defined herein have received the

full relief sought in this action.

47. Bielski did not receive a disclosure from Coinbase including the information required

by 12 C.F.R. § 1005.7 before the first electronic fund transfer was made involving his Coinbase

account.

F. Dzhura Binyaminov was victimized, and Coinbase refused to help.

48. Plaintiff Dzhura Binyaminov opened an account with Coinbase for the purpose of

buying and selling cryptocurrencies for his personal use.

49. On January 31, 2022, Binyaminov realized that an unauthorized electronic transfer had

been made from his Coinbase account to an unknown third party. The third party electronically

transferred funds totaling approximately $38,000 out of his account.

50. Binyaminov immediately notified Coinbase customer service of the unauthorized

transfer, but customer service did not make any good faith efforts to engage with him about his dispute

or otherwise attempt to resolve the dispute, one way or another, in a good faith manner.

51. Binyaminov has not been refunded any of his funds by Coinbase, and Binyaminov is

informed and believes that neither he nor any other member of any class as defined herein have

received the full relief sought in this action.

52. Binyaminov did not receive a disclosure from Coinbase including the information

required by 12 C.F.R. § 1005.7 before the first electronic fund transfer was made involving his

Coinbase account.

G. Auryan Sajjadi was victimized, and Coinbase refused to help.

53. Plaintiff Auryan Sajjadi opened an account with Coinbase for the purpose of buying

and selling cryptocurrencies for his personal use.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 11 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

54. On June 7, 2022, Sajjadi realized that an unauthorized electronic transfer had been

made from his Coinbase account to an unknown third party. The third party had electronically

transferred funds totaling approximately $30,000 out of his account.

55. Sajjadi immediately notified Coinbase customer service of the unauthorized transfer,

but customer service did not make any good faith efforts to engage with him about his dispute or

otherwise attempt to resolve the dispute, one way or another, in a good faith manner.

56. Sajjadi has not been refunded any of his funds by Coinbase, and Sajjadi is informed

and believes that neither he nor any other member of any class as defined herein have received the

full relief sought in this action.

57. Sajjadi did not receive a disclosure from Coinbase including the information required

by 12 C.F.R. § 1005.7 before the first electronic fund transfer was made involving his Coinbase

account.

H. Plaintiffs Bielski, Binyaminov, and Sajjadi are far from alone.

58. More Coinbase users in addition to Plaintiffs have suffered and continue to suffer

financial losses as a result of unauthorized electronic transfers from their Coinbase accounts.

59. Coinbase users have shared their stories on social media websites including Twitter

and Reddit. On Twitter, one user described how his Coinbase account was “hacked” and Coinbase

“won’t help.”

He explained that Coinbase told him he “would get the money back” that he lost in

the hack, but instead his funds disappeared and Coinbase offered no support—forcing him instead to

ask the FBI to intervene.

On Reddit, multiple Coinbase users have complained of stolen funds

through unauthorized electronic fund transfers, each with no help from Coinbase’s Support Team.

John Layfield (@JCLayfield), Twitter (Jan. 13, 2022, 7:40 AM),

www.twitter.com/jclayfield/status/1481652273793028106.

John Layfield (@JCLayfield), Twitter (Feb. 25, 2022, 11:28 AM),

https://www.twitter.com/jclayfield/status/1497292461730938886.

See, e.g., What will Coinbase do to correct hacked account/stolen money?, Reddit,

https://www.reddit.com/r/CoinBase/comments/xop5on/what_will_coinbase_do_to_correct_hac

ked/; Account was hacked. My money was stolen., Reddit,

https://www.reddit.com/r/CoinBase/comments/tf7vni/account_was_hacked_my_money_was_st

olen/; Coinbase account hacked and all stolen, Reddit,

https://www.reddit.com/r/CoinBase/comments/s9osxr/coinbase_account_hacked_and_all_stolen

/ (all last accessed Oct. 27, 2022).

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 12 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

60. Media reports about Coinbase users falling victim to unauthorized electronic transfers

are common, with titles like “Katy man out of about $17K after his cryptocurrency account was

hacked,”

“Couple’s digital Coinbase account hacked, $24,000 stolen,”

and “Hackers drain

cryptocurrency accounts of thousands of Coinbase users.”

61. Additional similar lawsuits have sprung up across the country since this case was first

filed, with plaintiffs levying similar allegations in putative class actions against Coinbase. See, e.g.,

Aggarwal v. Coinbase, Inc., No. 4:22-cv-04829-JSW (N.D. Cal.); Kattula v. Coinbase Global, Inc., No. 1:22-

cv-03250-TWT (N.D. Ga.).

CLASS ACTION ALLEGATIONS

62. This action is brought and may properly proceed as a class action pursuant to Federal

Rule of Civil Procedure 23.

63. Plaintiffs seek certification of a class (the “Class”) with respect to Claims 1, 2, 4, 5, 6,

7, 8, 9, and 12 that is composed of and defined as follows:

All current and former Coinbase users and/or consumers in the

United States who maintained funds, including but not necessarily

limited to cryptocurrency and/or fiat currency, in their Coinbase

account(s) and who had funds removed from their account(s) as a

result of unauthorized electronic fund transfer(s) at least as recently as

the one-year period immediately preceding the filing of this action.

64. Plaintiff Abraham Bielski seeks certification of a Florida Subclass with respect to Claim

10, brought pursuant to the Florida Deceptive and Unfair Trade Practices Act (“FDUTPA”), that is

composed of and defined as follows:

All current and former Coinbase users and/or consumers in the State

of Florida who maintained funds, including but not necessarily limited

to cryptocurrency and/or fiat currency, in their Coinbase account(s)

and who had funds removed from their account(s) as a result of

Courtney Carpenter, Katy man out of about $17K after his cryptocurrency account was hacked, ABC13

KTRK-TV (Feb. 1, 2022), available at www.abc13.com/coinbase-cryptocurrency-hacked-

robbed/11530402/.

Lara Greenberg, Couple’s digital Coinbase account hacked, $24,000 stolen, FOX35 WOFL-TV (Dec. 6,

2021), available at www.fox35orlando.com/news/couples-digital-coinbase-account-hacked-24000-

stolen.

Jorge Jiminez, Hackers drain cryptocurrency accounts of thousands of Coinbase users, PC Gamer (Oct. 4,

2021), available at www.pcgamer.com/hackers-drain-cryptocurrency-accounts-of-thousands-of-

coinbase-users/.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 13 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

unauthorized electronic fund transfer(s) at least as recently as the one-

year period immediately preceding the filing of this action.

65. Plaintiff Dzhura Binyaminov seeks certification of a New York Subclass with respect

to Claim 11, brought pursuant to New York General Business Law § 349, that is composed of and

defined as follows:

All current and former Coinbase users and/or consumers in the State

of New York who maintained funds, including but not necessarily

limited to cryptocurrency and/or fiat currency, in their Coinbase

account(s) and who had funds removed from their account(s) as a

result of unauthorized electronic fund transfer(s) at least as recently as

the one-year period immediately preceding the filing of this action.

66. Plaintiffs seek certification of a Notice Requirement Class with respect to Claim 3,

brought pursuant to 15 U.S.C. § 1693c and Regulation E, 12 C.F.R. § 1005.7, that is composed of and

defined as follows:

All current and former Coinbase users and/or consumers in the

United States with Coinbase account(s) active at least as recently as the

one-year period immediately preceding the filing of this action.

67. Excluded from the Class, the Florida Subclass, the New York Subclass, and the Notice

Requirement Class (collectively, the “Classes”) are Coinbase’s officers and directors and current or

former employees of Coinbase and their immediate family members, as well as any judge, justice, or

judicial officer presiding over this matter and the members of their immediate families and staff.

68. Ascertainability. Plaintiffs are informed and believe that the identities of members

of the Classes are ascertainable through Coinbase’s records.

69. Numerosity. Plaintiffs are informed and believe that there are thousands of members

of the Class and the Notice Requirement Class. The Classes are so large that the joinder of all of their

members is impracticable. The exact number of members of each of the four Classes can be

determined from information in the possession and control of Coinbase.

70. Commonality. Coinbase has acted or refused to act on grounds that apply generally

to the Classes, including its failure to secure consumer accounts, its inaccurate representations about

their products made to the public and members of the Classes, its failure to provide meaningful

customer service related to security breaches, its failure to remedy unauthorized electronic fund

transfers, and its failure to provide adequate initial disclosures under Regulation E. Absent certification

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 14 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

of the Classes, the relief sought herein creates the possibility of inconsistent judgments and/or

obligations imposed on Coinbase. Numerous common issues of fact and law exist, including, without

limitation:

a. Whether Coinbase has complied with the investigation and error resolution

requirements of the EFTA and/or Regulation E in connection with the unauthorized

electronic transfer of funds from the accounts of Plaintiffs and the Classes;

b. Whether Coinbase has made timely, good faith investigations of unauthorized

electronic fund transfers, or has not had a reasonable basis for believing the accounts of

Plaintiffs and the Classes were not in error, or has knowingly and willfully concluded that those

accounts were not in error when such conclusion could not reasonably have been drawn from

the evidence available to Coinbase at the time of its investigation, if any;

c. Whether Coinbase has timely complied with the customer service provisions

of the EFTA and/or Regulation E in connection with the unauthorized electronic transfer of

funds from the accounts of Plaintiffs and the Classes;

d. Whether Coinbase has complied with the disclosure requirements of the

EFTA and/or Regulation E with respect to Plaintiffs and the Notice Requirement Class;

e. Whether Coinbase is subject to the legal requirements described in (a)–(d);

f. The nature, extent, policies, and procedures of the customer service or

“Support” processes that Coinbase makes available for its customers relating to security

breaches or unauthorized electronic fund transfers;

g. The nature, extent, policies, and procedures of the security measures that

Coinbase takes to protect its customers’ accounts and prevent security breaches or

unauthorized electronic fund transfers;

h. The legal sufficiency of the facts relating to (f)–(g) as applied to the claims of

Plaintiffs and the Classes;

i. Whether Coinbase was aware, or should have been aware; of potential

vulnerabilities in its customer account security;

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 15 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

j. The nature, scope, extent, and any limitations to the obligations that Coinbase

owes to depositors and users of its platform and exchange;

k. Whether a customer’s decision to deposit and maintain funds or assets on

Coinbase’s platform, and Coinbase’s decision to accept those funds or assets, forms a

bailment;

l. Whether Coinbase failed to properly secure its customers’ accounts, funds,

cryptocurrency, or other assets;

m. Whether Coinbase owed a duty of care to safely maintain the accounts, funds,

cryptocurrency, or other assets in its customers’ accounts;

n. Whether Coinbase violated the duties of care it owed to Plaintiffs and the

Classes;

o. Whether Coinbase’s representations about the safety and security of its

platform and exchange were materially false and misleading, or whether Coinbase made those

representations negligently, carelessly, or recklessly with regard to their falsity;

p. Whether Plaintiffs and the Classes were harmed by the security breaches

resulting in unauthorized electronic fund transfers from their Coinbase accounts;

q. Whether Coinbase is a “securities intermediary” under California law, and if

so, whether the unauthorized electronic fund transfers were ineffective entitlement orders;

r. Whether Coinbase should have to repay the monies lost by Plaintiffs and the

Classes;

s. Whether Coinbase should be required to make restitution to Plaintiffs and the

Classes;

t. Whether Coinbase should be disgorged of monies that it received as ill-gotten

gains;

u. Whether Coinbase should be required to pay damages to Plaintiffs and

members of the Classes, including treble damages where available by law;

v. Whether exemplary or punitive damages should be assessed against Coinbase.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 16 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

71. Typicality. Plaintiffs’ claims are typical, if not identical, to the claims that could be

asserted by all members of the Class and the Notice Requirement Class. Plaintiffs’ claims arise from

Coinbase’s practices applicable to all such class members. Plaintiff Abraham Bielski’s claims are

typical, if not identical, to the claims that could be asserted by all members of the Florida Subclass.

Plaintiff Dzhura Binyaminov’s claims are typical, if not identical, to the claims that could be asserted

by all members of the New York Subclass.

72. Adequacy. Plaintiffs are all members of the Class and the Notice Requirement Class

and will adequately represent the interests of those class members because there are no conflicts

between Plaintiffs and those class members, and because Plaintiffs’ counsel has the experience and

skill to zealously advocate for the interests of the members of the Classes. Plaintiff Abraham Bielski

is a member of the Florida Subclass and will adequately represent the interests of those subclass

members. Plaintiff Dzhura Binyaminov is a member of the New York Subclass and will adequately

represent the interests of those subclass members.

73. Predominance. Common issues predominate over individualized inquiries in this

action because Coinbase’s liability can be established as to all members of the Classes as discussed

herein. See supra ¶ 70.

74. Superiority. There are substantial benefits to proceeding as a class action that render

proceeding as the Classes superior to any alternatives, including that it will provide a realistic means

for members of the Classes to recover damages; the damages suffered by members of the Classes may

be relatively small; it would be substantially less burdensome on the courts and the parties than

numerous individual proceedings; many members of the Classes may be unaware that they have legal

recourse for the conduct alleged herein; and because issues common to members of the Classes can

be effectively managed in a single proceeding. Plaintiffs know of no difficulty that could be

encountered in the management of this litigation that would preclude its maintenance as a class action.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 17 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

CLAIMS

CLAIM 1

VIOLATION OF THE ELECTRONIC FUNDS TRANSFER ACT

15 U.S.C. §§ 1693

et seq.

On Behalf of All Class Members

75. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

A. The EFTA’s legal framework is broad.

76. The EFTA and its corresponding regulations implemented by the Consumer Financial

Protection Bureau (“CFPB”), 12 C.F.R. §§ 1005.1 et seq., were designed with the “primary objective”

of “the provision of individual consumer rights.” 15 U.S.C. § 1693; 12 C.F.R. § 1005.1(b) (The

“primary objective of the act and this part is the protection of individual consumers engaging in

electronic fund transfers and remittance transfers.”).

77. Relevant definitions throughout the EFTA and its corresponding definitions include:

a. A “financial institution” includes banks and credit unions, as well as “any other

person who, directly or indirectly, holds an account belonging to a consumer.” 15 U.S.C. §

1693a(9). A “person” includes “a natural person or an organization, including a corporation .

. . .” 12 C.F.R. § 1005.2(j).

b. An “account” includes any consumer asset account held directly or indirectly

by a financial institution and established primarily for personal, family, or household purposes.

15 U.S.C. § 1693a(2); see also 12 CFR § 1005.2(j).

c. A “consumer” is a “natural person.” 15 U.S.C. § 1693a(6).

d. An “error” includes, among other things, an “unauthorized electronic fund

transfer.” 15 § 1693f(f)(1); 12 C.F.R. § 1005.11(a)(vii).

e. An “unauthorized electronic fund transfer” is defined as “an electronic fund

transfer from a consumer’s account initiated by a person other than the consumer without

actual authority to initiate such transfer and from which the consumer receives no benefit.”

15 U.S.C. § 1693(a)(12); see also 15 C.F.R. § 1005(m). The CFPB (as well as the Board of

Governors of the Federal Reserve System) have specifically stated that “[a]n unauthorized

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 18 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

[electronic funds transfer] includes a transfer initiated by a person who obtained the access

device from the consumer through fraud or robbery.” See 12 C.F.R. § 205, Supp. I at 2(m)

(Board of Governors’ Official Interpretation of § 205.2(m)); 12 C.F.R. § 1005, Supp. I at 2(m)

(CFPB's Official Interpretation of § 1005.2(m)); see also Green v. Capital One, N.A., 557 F. Supp.

3d 441, 446–50 (S.D.N.Y. 2021).

f. An “electronic fund transfer” includes any transfer of funds initiated through

a computer. While the definition does not include any transfer of funds the primary purpose

of which is the purchase or sale of a security or commodity, if the security or commodity is

regulated by the Securities and Exchange Commission (“SEC”) or the Commodity Futures

Trading Commission (“CFTC”) or is purchased or sold through a broker-dealer regulated by

the SEC or through a future commission merchant regulated by the CFTC, the “primary

purpose” of the transfers of funds at issue in this action is not the purchase or sale of a security

or commodity, but rather outright theft. Indeed, CFPB has made clear that this “Securities

Exemption” applies to, for example, a transfer initiated by a telephone order to a stockbroker

to buy or sell securities or to exercise a margin call, but not a transfer involving an access

device that accesses a securities or commodities account that a consumer uses for purchasing

goods or services or for obtaining cash (i.e., a Coinbase account). 12 C.F.R. § 1005, Supp. I at

3(c)(4).

78. The error resolution subpart of the EFTA provides, in relevant part, that if a financial

institution, within sixty days after having transmitted to a consumer notice of an electronic funds

transfer, receives oral or written notice in which the consumer (1) sets forth or otherwise enables the

financial institution to identify the name and account number of the consumer; (2) indicates the

consumer’s belief that the documentation, contains an error and the amount of such error; and (3)

sets forth the reasons for the consumer’s belief that an error has occurred, the financial institution

The definition of “unauthorized electronic fund transfer” under § 1693(a)(12) and § 1005(m)

excludes any electronic fund transfer initiated by a person other than the consumer who was

furnished with the card, code, or other means of access to such consumer’s account by such

consumer. The CFPB and Board of Governors have confirmed that this exclusion does not

encompass situations where a consumer technically furnishes to a third party his or her means of

access to an account, but due to fraud, threat, or force.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 19 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

must investigate the alleged error, determine whether an error has occurred, and report or mail the

results of such investigation and determination to the consumer within ten business days. 15 U.S.C. §

1693f(a)(3); see 12 C.F.R § 205.11; see also Supp. I to § 205 at 11(b)(1) (notice of error is effective so

long as the financial institution is able to identify the account in question); 12 C.F.R. § 1005, Supp. I

at 11(b)(1)(1) (same). Notice may be constructive “when the institution becomes aware of

circumstances leading to the reasonable belief that an unauthorized transfer to or from the consumer’s

account has been or may be made.” 12 C.F.R. § 1005.6(b)(5)(iii).

79. If the financial institution determines that an error did occur, it has the option to either

(1) timely correct the error, including the crediting of interest where applicable; or (2) timely

provisionally recredit the consumer’s account for the amount alleged to be in error pending the

conclusion of the institution’s investigation of the error within ten business days of being notified of

the error. 15 U.S.C. § 1693f(c); see also 12 C.F.R. § 1005.11. In no circumstance can an investigation be

concluded more than forty-five days after receipt of the notice of error, and during the pendency of

the investigation, the consumer must be allowed full use of funds provisionally recredited. Id.

80. Where a financial institution (1) fails to provisionally recredit a consumer’s account

within the ten-day period specified above, and the financial institution (a) did not make a good faith

investigation of the alleged error, or (b) did not have a reasonable basis for believing that the

consumer’s account was not in error; or (2) knowingly and willfully concludes that a consumer’s

account was not in error when such conclusion could not reasonably have been drawn from the

evidence available to the financial institution at the time of its investigation, then the consumer shall

be entitled to treble damages determined under 15 U.S.C. § 1693m(a)(1).

81. The consumer may be held liable for an unauthorized electronic fund transfer where

a financial institution provides the required notices under 15 U.S.C. § 1693c and 12 C.F.R. § 1005.7(b).

15 U.S.C. § 1693g; 12 C.F.R. § 1005.6. Liability of the consumer, if applicable, is limited to $50 if the

consumer notifies the institution within two business days after learning of the loss or $500 if the

consumer does not notify the institution within two business days after learning of the loss. Id.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 20 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

B. Coinbase is subject to the EFTA.

82. Coinbase is a “financial institution” as defined by the EFTA because it is a corporation

that holds accounts belonging to consumers, including Plaintiffs and the Class. Coinbase provides

users with (a) hosted Digital Currency wallet(s) for holding digital currencies, and (b) hosted U.S.

Dollars wallet(s) for holding U.S. dollars.

83. Plaintiffs and the Class are “consumers” as defined by the EFTA because they are

natural persons.

84. The Coinbase accounts held by Plaintiffs and the Class are “accounts” as defined by

the EFTA and/or Regulation E, 12 C.F.R. §§ 1005.1–.20, because they are asset accounts held directly

by Coinbase and established primarily for personal, family, or household purposes. The Coinbase

accounts held by Plaintiffs and the Class are used for such those purposes—i.e., intended to earn

income from appreciating assets—and not for business purposes.

85. The electronic fund transfers at issue have been “unauthorized electronic fund

transfers” because they were initiated by a person other than Plaintiffs or the Class by fraud, without

actual authority to initiate such transfers, and from which Plaintiffs and the Class have received no

benefit. The primary purpose of these transfers has not been the purchase or sale of securities or

commodities, but rather to steal securities or commodities.

86. Plaintiffs and the Class have provided timely actual and/or constructive notice to

Coinbase of the unauthorized electronic transfers from their accounts. Indeed, Coinbase knew or

should have known of the repeated and widespread breaches of its security and subsequent theft of

funds, as well as the repeated and widespread requests for assistance from Plaintiffs and the Class.

Coinbase should have been aware of and prepared to handle inquiries concerning unauthorized

electronic transfers from the Coinbase accounts of Plaintiffs and the Class, and it should have taken

steps to monitor those accounts for unauthorized transfers.

87. Coinbase has failed to timely and in good faith investigate the unauthorized electronic

transfers from the Coinbase accounts of Plaintiffs and the Class, as required by 15 U.S.C. §§

1693f(a)(3) and 1693f(d), because it failed to conduct a timely and reasonable review of its own

records. See 12 C.F.R. § 205.11(c)(4); see also Supp. I to § 205 at 11(c)(4)–5. Indeed, adequate and timely

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 21 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

investigations would have easily led Coinbase to the conclusion that fraud had occurred, given that

Plaintiffs and the Class have not authorized the transfers at issue, that the fraudulent transfers have

been made to accounts other than those Plaintiffs and the Class used to fund their Coinbase accounts,

and that these fraudulent transfers have been widely reported as a common issue on the Coinbase

exchange. Accordingly, Plaintiffs and the Class are entitled to compensatory damages, attorneys’ fees,

and costs for Coinbase’s inadequate investigation pursuant to 15 U.S.C. § 1693m(a).

88. Further, Coinbase has failed to timely correct the “errors” (as noted above, statutorily

defined to include “unauthorized electronic fund transfers”), or to correct the “errors” at all, in the

Coinbase accounts of Plaintiffs and the Class. Coinbase failed to timely credit or provisionally recredit

those accounts, or failed to credit or provisionally recredit those accounts at all, after those accounts

had been breached and drained of funds. 15 U.S.C. § 1693f(b)–(c). This failure, separately, results in

compensatory damages owed to Plaintiffs and the Class pursuant to 15 U.S.C. § 1693m(a). In addition,

because Coinbase never provided disclosures compliant with 12 C.F.R. § 1005.7(b) to Plaintiffs or the

Class, Plaintiffs and the Class have no liability for the unauthorized electronic fund transfers under 15

U.S.C. § 1693g and/or 12 C.F.R. § 1005.6.

89. Because Coinbase has not timely provisionally recredited, or provisionally recredited

at all, the Coinbase accounts of Plaintiffs and the Class, and because Coinbase failed to conduct timely,

good faith investigations into the unauthorized transactions that Plaintiffs and the Class have actually

or constructively reported (by, for example, failing to provide Plaintiffs and the Class reasonable access

to timely and effective customer service or otherwise engaging in any sort of good faith investigation

of unauthorized electronic fund transfers), Coinbase is liable for treble damages under the EFTA.

90. Coinbase is further liable for treble damages under the EFTA because it has not had

a reasonable basis for believing the Coinbase accounts of Plaintiffs and the Class were not in “error.”

Instead, Coinbase failed to use the resources and procedures necessary to timely resolve, or resolve at

all, the fraud that has been occurring on those accounts, demonstrating that Coinbase has been unable

or unwilling to timely form, or form at all, a reasonable basis for believing those accounts were not in

“error.” Moreover, to the extent Coinbase has concluded that the Coinbase accounts of Plaintiffs and

the Class accounts were not in “error,” Coinbase has knowingly and willfully reached that conclusion

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 22 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

when it could not reasonably have been drawn from the evidence available to Coinbase at the time of

any investigation.

91. Plaintiffs and the Class are therefore entitled to compensatory damages, attorneys’

fees, and costs for this claim under 15 U.S.C. § 1693m, as well as treble damages under 15 U.S.C. §

1693f(e).

CLAIM 2

VIOLATION OF EFTA AND REGULATION E CUSTOMER SERVICE PROVISIONS

15 U.S.C. § 1693f(f)(6); 12 C.F.R. § 1005.11(a)(7)

On Behalf of All Class Members

92. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

93. The EFTA, 15 U.S.C. § 1693f(f)(6), and Regulation E, 12 C.F.R. § 1005.11(a)(7), (c),

require financial institutions to address “a consumer’s request for additional information or

clarification concerning an electronic fund transfer” within ten business days of receiving notice of

error, or within 45 calendar days if the financial institution provisionally recredits the consumer’s

account, with interest where applicable, within ten business days of receiving the notice of error.

94. Plaintiffs and the Class are “consumers” within the meaning of the EFTA and

Regulation E.

95. Coinbase, a “financial institution,” has violated the EFTA and Regulation E by failing

to timely provide information or clarification concerning electronic fund transfers, including requests

made by Plaintiffs and the Class to determine whether there were unauthorized electronic transfers

from their Coinbase accounts. See U.S.C. § 1963f(f)(6); 12 C.F.R. § 1005.11.

96. Coinbase is liable to Plaintiffs and the Class for statutory damages, attorneys’ fees, and

costs for this claim under 15 U.S.C. § 1693m.

Consumers have a private right of action for violations of Regulation E. See Lussoro v. Ocean Fin.

Fed. Credit Union, 456 F. Supp. 3d 474, 492 (E.D.N.Y. 2020).

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 23 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

CLAIM 3

VIOLATION OF REGULATION E NOTICE REQUIREMENTS

15 U.S.C. § 1693c; 12 C.F.R. § 1005.7

On Behalf of All Notice Requirement Class Members

97. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

98. 15 U.S.C. § 1693c and Regulation E, 12 C.F.R. § 1005.7, require all financial institutions

to make the disclosures set forth in § 1005.7 before the first electronic fund transfer is made involving

a consumer’s account.

99. Coinbase, a “financial institution,” has violated Regulation E by failing to provide

adequate initial disclosures to Plaintiffs and members of the Notice Requirement Class including, as

applicable:

(1) a summary of liability of Plaintiffs and the Class, under 12 CFR § 1005.6 or

under state or other applicable law or agreement, for unauthorized electronic fund transfers;

(2) the telephone number and address of the person or office to be notified when

a Plaintiff of member of the Class believes that an unauthorized electronic fund transfer has

been or may be made;

(3) Coinbase’s business days;

(4) the type of electronic fund transfers that Plaintiffs and the Class may make and

any limitations on the frequency and dollar amount of transfers;

(5) any fees imposed by Coinbase for electronic fund transfers or for the right to

make transfers;

(6) a summary of the rights of Plaintiffs and the Class to receipts and periodic

statements, as provided in 12 CFR § 1005.9 of this part, and to notices regarding preauthorized

transfers as provided in 12 CFR § 1005.10(a) and (d);

(7) a summary of the rights of Plaintiffs and the Class to stop payment of a

preauthorized electronic fund transfer and the procedure for placing a stop-payment order, as

provided in 12 CFR § 1005.10(c);

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 24 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

(8) a summary of Coinbase’s liability to Plaintiffs and the Class for failure to make

or to stop certain transfers;

(9) the circumstances under which, in the ordinary course of business, Coinbase

may provide information to third parties concerning the Coinbase accounts of Plaintiffs and

the Class;

(10) A notice that is substantially similar to Model Form A-3 as set out in Appendix

A of 12 CFR §§ 1005.1 et seq. concerning error resolution; and

(11) a notice that a fee may be imposed by an automated teller machine operator as

defined in 12 CFR § 1005.16(a), when a Plaintiff or member of the Class initiates an electronic

fund transfer or makes a balance inquiry, and by any network used to complete the transaction.

100. As a result of Coinbase’s violation of the notice requirements of 15 U.S.C. § 1693c and

Regulation E, Plaintiffs and the Notice Requirement Class are entitled to statutory damages, attorneys’

fees, and costs for this claim under 15 U.S.C. § 1963m(a).

CLAIM 4

NEGLIGENCE

On Behalf of All Class Members

101. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

102. Coinbase owed a duty of reasonable care toward Plaintiffs and the Class based upon

Coinbase’s relationship to them.

103. Coinbase breached this duty by negligently, carelessly, and recklessly collecting,

maintaining, and controlling its customers’ funds and cryptocurrency and by failing to protect them

from exposure to unauthorized third parties.

104. As a direct and foreseeable consequence of Coinbase’s breach of its duty of care,

Plaintiffs and the Class were injured and are entitled to damages available by law in an amount to be

proven at trial.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 25 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

CLAIM 5

NEGLIGENT MISREPRESENTATION

On Behalf of All Class Members

105. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

106. Coinbase represented to Plaintiff and the Class, through its statements and

categorizations, that it offered a safe and secure platform for the exchange and storage of funds,

cryptocurrency, and other assets.

107. Coinbase failed to conduct a reasonable and diligent investigation of the

representations it made to Plaintiffs and the Class to ensure that those statements were true and that

there was no omission of material facts required to make the representations not misleading. Coinbase,

in the exercise of reasonable care, should have known its statements and omissions were misleading.

108. Coinbase owed a duty to Plaintiffs and the Class to speak with care and explain fully

and truthfully all material facts regarding the security of their Coinbase accounts and the availability

and methods of remediating errors in electronic transfers. This duty arose from several bases under

state and federal law, including Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45, which

prohibits “deceptive acts or practices in or affecting commerce.” This provision encompasses material

representations, omissions, or practices that are likely to mislead a reasonable consumer.

109. Coinbase’s duty to speak with care arose from its relationship with Plaintiffs and the

Class and its unique position in the cryptocurrency market. Because of its critical role within the

cryptocurrency exchange market, Coinbase was in a superior position to protect against the harm

suffered by Plaintiffs and the Class.

110. The relationship between Coinbase and Plaintiffs and the Class is such that, in morals

and good conscience, Plaintiffs and the Class had the right to rely upon Coinbase for information.

Coinbase was in a special position of confidence and trust with Plaintiffs and the Class such that their

reliance on Coinbase’s negligent misrepresentations was justified.

111. Coinbase knew, or reasonably should have known, that Plaintiffs and the Class would

rely on its misrepresentations and omissions in using the Coinbase platform and exchange for the

transfer and storage of funds, assets, and cryptocurrencies.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 26 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

112. Coinbase’s negligent misrepresentations and omissions, upon which Plaintiffs and the

Class reasonably and justifiably relied, were intended to induce, and actually induced, Plaintiffs and

the Class to use the Coinbase platform and exchange for the transfer and storage of funds, assets, and

cryptocurrencies.

113. As a direct and proximate cause of their reliance on Coinbase’s representations,

Plaintiffs and the Class have been injured and are entitled to damages available by law in an amount

to be proven at trial.

CLAIM 6

BAILMENT

Common Law and Cal. Civ. Code §§ 1813

et seq.

On Behalf of All Class Members

114. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

115. Plaintiffs and the Class deposited funds and cryptocurrencies into their Coinbase

accounts in order to use, store, keep, sell, trade, or exchange cryptocurrencies.

116. Plaintiffs and the Class gave consideration for the funds and cryptocurrencies

deposited with Coinbase in the form of commissions and fees.

117. Coinbase is a bailee of the personal property of Plaintiffs and the Class. Plaintiffs and

the Class are bailors of their personal property.

118. As a bailee, Coinbase had an obligation to return or account for the deposited personal

property upon demand.

119. By its own acts or omissions, Coinbase caused the personal property deposited by

Plaintiffs and the Class to be lost.

120. Coinbase has refused to return the personal property deposited by Plaintiffs and the

Class.

121. Coinbase has refused to provide complete disclosure to Plaintiffs and the Class

regarding the circumstances under which the loss of property occurred. As a result, Coinbase is

presumed to have willfully, or by gross negligence, permitted the loss or injury to occur pursuant to

Cal. Civ. Code § 1838.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 27 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

122. As a result of Coinbase’s failure to fulfill its obligations and duties as a bailee, Plaintiffs

and the Class have been injured because they are deprived of their personal property.

CLAIM 7

VIOLATION OF CALIFORNIA UNIFORM COMMERCIAL CODE DIVISION 8

Cal. Comm. Code § 8507(b)

On Behalf of All Class Members

123. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

124. Coinbase characterizes itself as a “securities intermediary” and characterizes Coinbase

wallets as “financial assets,” which are subject to Division 8 of the California Uniform Commercial

Code (“UCC”).

125. Under UCC § 8102(a)(7), the owner of assets held in an account with a securities

intermediary is an “entitlement holder.”

126. If Coinbase’s characterization of the relationship is correct, at the time of the

unauthorized transfers alleged herein, Plaintiffs and the Class were “entitlement holders” with respect

to the assets held in their Coinbase accounts.

127. Under UCC § 8102(a)(8), an order for a securities intermediary to transfer assets is an

“entitlement order.”

128. Under UCC § 8107(b), an entitlement order is only “effective” if it is made by the

entitlement holder or an authorized agent or ratified by the entitlement holder.

129. The orders for the unauthorized transfers from the Coinbase accounts of Plaintiffs

and the Class, as alleged herein, were not effective because they were not made by Plaintiffs or the

Class or by their authorized agents, nor were they ratified by Plaintiffs or the Class.

130. Nonetheless, Coinbase completed those unauthorized transfers even though they were

made pursuant to ineffective entitlement orders.

131. Pursuant to UCC § 8507(b), Coinbase is obligated to credit the Coinbase accounts of

Plaintiffs and the Class to correct the unauthorized transfers and to pay or credit any payments or

distributions that Plaintiffs and the Class did not receive as a result of the wrongful transfers, in

addition to liability for damages.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 28 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

132. As a direct and foreseeable consequence of Coinbase’s transfer of the assets of

Plaintiffs and the Class pursuant to ineffective and invalid entitlement orders, and of Coinbase’s failure

to credit the Coinbase accounts of Plaintiffs and the Class to correct those unauthorized transfers,

Plaintiffs and the Class were injured.

CLAIM 8

VIOLATION OF CALIFORNIA CONSUMER LEGAL REMEDIES ACT

Cal. Civ. Code §§ 1750

et seq.

On Behalf of All Class Members

133. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

134. At all relevant times, Plaintiffs and the Class were “consumers” under the terms of the

California Consumer Legal Remedies Act (“CLRA”), Cal. Civ. Code §§ 1750 et seq., as individuals

seeking or acquiring, by purchase or lease, goods or services for personal, family, or household

purposes.

135. Coinbase’s actions and conduct constituted transactions for the sale or lease of goods

or services to consumers under the terms of the CLRA. The assets involved in the unauthorized

transactions are “goods” and Coinbase’s financial and online platform services are “services” under

the CLRA.

136. Coinbase violated the CLRA by, among other things, making false statements and

omitting truthful information about its services and including unconscionable and/or unlawful

provisions in its contracts with Plaintiffs and the Class.

137. Coinbase’s misrepresentations were material. Coinbase’s violations of the CLRA were

a substantial factor in causing Plaintiffs and the Class to use Coinbase’s services.

138. As a direct and proximate consequence of these actions, Plaintiffs and the Class

suffered injury.

139. Coinbase’s conduct was malicious, fraudulent, and wanton in that it intentionally and

knowingly provided misleading information to Plaintiffs and the Class and refused to remedy the

breach of its platform and exchange long after learning of the inadequacy of its data protection and

security measures and of the unauthorized access and use of its customers’ accounts.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 29 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

CLAIM 9

VIOLATION OF CALIFORNIA UNFAIR COMPETITION LAW

Cal. Bus. & Prof. Code §§ 17200

et seq.

On Behalf of All Class Members

140. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

141. Coinbase and Plaintiffs and the Class are “persons” within the meaning of the

California Unfair Competition Law (“UCL”). Cal. Bus. & Prof. Code § 17201.

142. Coinbase engaged in unlawful, fraudulent, and/or unfair conduct that is harmful and

deceiving to consumers within the meaning of the UCL.

143. Plaintiffs and the Class suffered injuries in fact and lost money or property as a result

of Coinbase’s violations of the UCL.

144. Coinbase’s conduct is substantially injurious to consumers, offends legislatively-

declared public policy as announced by the violations of the laws alleged, and is immoral, unethical,

oppressive, and unscrupulous. The gravity of Coinbase’s wrongful conduct outweighs any alleged

benefits attributable to such conduct. There were reasonably available alternatives to further

Coinbase’s legitimate business interests other than engaging in this wrongful conduct.

CLAIM 10

VIOLATION OF FLORIDA DECEPTIVE AND UNFAIR TRADE PRACTICES ACT

Fla. Stat. §§ 501.201

et seq.

On Behalf of All Florida Subclass Members

145. Plaintiff Abraham Bielski repeats and realleges the allegations of the paragraphs above

as if fully set forth herein.

146. Plaintiff Abraham Bielski and the Florida Subclass are “consumers” and “persons”

within the meaning of the Florida Deceptive and Unfair Trade Practices Act (“FDUTPA”). Fla. Stat.

§§ 501.203, 501.211.

147. Coinbase advertised, offered, or sold goods or services in Florida and engaged in

commerce affecting Florida residents, including Plaintiff Abraham Bielski and the Florida Subclass.

148. Coinbase engaged in unconscionable acts or practices, and in unfair or deceptive acts

or practices, in the conduct of its business and operation of the Coinbase platform and exchange.

These acts or practices included, among other things, making false statements and omitting truthful

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 30 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

information about Coinbase’s services and including unconscionable and/or unlawful provisions in

its contracts with Plaintiff Abraham Bielski and the Florida Subclass.

149. Coinbase’s misrepresentations and omissions were material because they were

reasonably likely to deceive reasonable consumers about the adequacy of Coinbase’s safety and

security measures and its compliance with laws and standards relating to financial account security and

the correction of errors relating thereto.

150. Plaintiff Abraham Bielski and the Florida Subclass acted reasonably in relying on the

misrepresentations and omissions of Coinbase and could not reasonably have uncovered the falsity of

those misrepresentations and omissions.

151. Plaintiff Abraham Bielski and the Florida Subclass suffered actual damages and lost

money or property as a direct and proximate result of Coinbase’s violations of FDUTPA.

152. Had Coinbase disclosed to Plaintiff Abraham Bielski and the Florida Subclass its actual

safety and security standards for their accounts, and/or its refusal to make them whole if they were to

fall victim to unauthorized electronic fund transfers out of their accounts, Plaintiff Abraham Bielski

and the Florida Subclass would not have provided funds, cryptocurrency, or other assets to Coinbase

for storage on the Coinbase platform and would not have used the Coinbase exchange for the transfer

of funds, cryptocurrency, or other assets.

153. Plaintiff Abraham Bielski and the Florida Subclass seek all monetary and equitable

relief allowed by law, including actual or nominal damages under Fla. Stat. § 501.211, declaratory and

injunctive relief, attorneys’ fees and costs pursuant to Fla. Stat. § 501.2105(1), and any other relief

available under FDUTPA.

CLAIM 11

VIOLATION OF NEW YORK GENERAL BUSINESS LAW § 349

On Behalf of All New York Subclass Members

154. Plaintiff Dzhura Binyaminov repeats and realleges the allegations of the paragraphs

above as if fully set forth herein.

155. Plaintiff Dzhura Binyaminov and the New York Subclass are persons within the

meaning of N.Y. Gen. Bus. § 349(g).

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 31 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

156. Coinbase is a person, firm, corporation, or association within the meaning of N.Y.

Gen. Bus. § 349(b).

157. Coinbase engaged in deceptive acts and practices in the conduct of business, trade,

and commerce by, among other things, making false statements and omitting truthful information

about Coinbase’s services and including unconscionable and/or unlawful provisions in its contracts

with Plaintiff Dzhura Binyaminov and the New York Subclass.

158. A reasonable consumer would be misled by these deceptive acts and practices.

159. These deceptive acts and practices were consumer-oriented.

160. These deceptive acts and practices as to Plaintiff Dzhura Binyaminov and the New

York Subclass occurred in New York. The New York Department of Financial Services issued

Coinbase a New York Money Transmitter License and a New York Virtual Currency Business Activity

Company License to regulate its activities in New York. Thus, New York has a significant interest in

enforcing its consumer protection statutes, including New York General Business Law § 349.

161. Plaintiff Dzhura Binyaminov and the New York Subclass were injured as a direct and

proximate result of Coinbase’s deceptive acts and practices because they lost access to and control

over their funds, cryptocurrency, or other assets.

162. Plaintiff Dzhura Binyaminov and the New York Subclass are entitled to injunctive

relief and to actual damages or $50 per violation, at their individual elections, because of Coinbase’s

deceptive acts and practices. See N.Y. Gen. Bus. § 349(h). Plaintiff Dzhura Binyaminov and the New

York Subclass are also entitled to treble damages, because Coinbase’s actions were willful and

knowing.

163. Plaintiff Dzhura Binyaminov and the New York Subclass are entitled to reasonable

costs and attorneys’ fees. See N.Y. Gen. Bus. § 349(h).

CLAIM 12

UNJUST ENRICHMENT

On Behalf of All Class Members

164. Plaintiffs repeat and reallege the allegations of the paragraphs above as if fully set forth

herein.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 32 of 34

THIRD AMENDED CLASS ACTION COMPLAINT

Bielski, et al. v. Coinbase, Inc., No. 3:21-cv-07478-WHA

165. Plaintiffs and the Class conferred a benefit upon Coinbase through depositing funds

and cryptocurrencies into their Coinbase accounts, and they paid Coinbase commissions and fees to

maintain those funds and cryptocurrencies and to process transactions conducted on the Coinbase

platform.

166. As a result of Coinbase’s actions and omissions as alleged herein, Coinbase has been

unjustly enriched at the expense of Plaintiffs and the Class. Under principles of equity, Coinbase

should not be allowed to retain the commissions and fees paid to it by Plaintiffs and the Class, and

Coinbase should not be allowed to retain the funds and assets held within Plaintiffs’ and the Class’s

Coinbase accounts.

167. Plaintiffs and the Class have no adequate remedy at law.

PRAYER FOR RELIEF

Plaintiffs pray for relief as follows:

a. Compensatory damages;

b. Statutory damages;

c. Treble damages;

d. Restitution;

e. Disgorgement;

f. Punitive damages;

g. Attorneys’ fees and costs;

h. Pre- and post-judgment interest, as applicable; and

i. All further relief as the Court deems just and proper.

DEMAND FOR TRIAL BY JURY

Plaintiffs hereby respectfully demand a trial by jury on all claims.

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 33 of 34

1 Date:

November

28, 2022 Is I H

assan

A . Z

avareei

Hassan A. Zavareei (State B

. 181547)

hzavareei@tzlegaL

com

Spencer S. Hughes (appearance

pro

hac

vice

)

shughes@tzlegaLcom

TYCKO & ZAVAREEI LLP

1828 L Street, Northwest, Suite 1000

\Vashington, District

Columbia 20036

Telephone: (202) 973-0900

Facsimile: (202) 973-0950

Sabita

Soneji (State B

. 224262)

ssonefi@tzlegaL

\Vesley M. Griffith (State B

. 286390)

1vgrijfith@tzlegaL

TYCKO & ZAVAREEI LLP

1970 Broadway, Suite 1070

Oakland, California 94612

Telephone: (510) 254-6808

Facsimile: (202) 973-0950

Matthew D . Carlson (State B

. 273242)

mdcadson@mdcarlsonlaw

com

LAW OFFICE

MATTHEW

CARLSON

3959

North

Buffalo Road, Suite 29

Orchard

Park,

New

York

14127

Telephone:

16) 242

-1

234

ounsel

far P

laintiffs

Abraham B

ielski,

zhura

if!Jlaminov,

and Auryan

Sajjadi

THIRD

AMEND

CLASS

ACTION

COMPLAINT

ielski,

v. C

oinbase,

. 3:

-cv-07478-

WHA

Case 3:21-cv-07478-WHA Document 103 Filed 11/28/22 Page 34 of 34