February 28, 2022

Firm Files Lawsuit Against Uphold HQ Inc Over Faulty Two-Factor Authentication

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the Uphold.com cryptocurrency exchange. The Complaint, which is available HERE, details the experiences of several individuals whose accounts were accessed and depleted by unauthorized third-party users.

Among other things, the Complaint alleges that Uphold used inadequate multi-factor authentication (“MFA”), which allowed unauthorized users to remove and change two-factor authentication devices that users had installed via an automated process. Whereas most cryptocurrency exchanges adopt the normal industry practice of requiring robust identity proofing before a user can change their MFA device, the Complaint explains how Uphold’s procedure empowered bad actors to make changes to these crucial account protections without any of the usual safeguards commonly used in the industry, such as identity proofing.

As a result, the Complaint alleges, unauthorized users were able to bypass accountholders’ MFA devices, gain access to their Uphold accounts, and then empty the accounts of their cryptocurrencies. To date, Uphold has not disclosed or even publicly acknowledged this major vulnerability in its systems, leaving its users unwittingly exposed to this risk. As a result, cybercriminals continue to utilize this exploit to rob Uphold users of their funds. When they succeed, Uphold offers its accountholders little recourse. In some cases, it leaves their remaining funds locked indefinitely while it conducts an endless investigation. But even in instances where Uphold has successfully restored access and functionality to its accountholders, it refuses to refund the money that was stolen from them.

“What makes this situation particularly tragic for Uphold’s genuine users is that Uphold has been receiving reports like this for months,” Hollist noted. “Users who had their accounts robbed in 2022 are going online to find forums filled with others who had this happen to them in summer of 2021. It’s incredibly frustrating because it feels like these recent losses could have been avoided if Uphold had taken action to address them last summer.”

The class action seeks recovery on behalf of all victims whose accounts were robbed following an MFA failure. However, the case is still in its early exploratory stages. If you have personal experience with having cryptocurrency stolen from your Uphold account and would like to join in the class action, please contact our litigation team here.


This entry was posted on Monday, February 28, 2022 and is filed under General News & Firm Announcements, Internet Law News.



Related articles

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

The Federal Trade Commission ("FTC") has continued to be active in the realm of data privacy and security. As an initial matter, it is important to acknowledge that data is...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

With the start of the new year, the Federal Trade Commission (FTC) has been active in ongoing privacy issues. Below outlines some key issues being considered by the FTC. Participation...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

On March 15, 2024, the California Privacy Protection Agency released its 2024-2027 Strategic Plan, which outline the privacy agency’s values and objectives in California. Background The passing of the California...

Read Article

Privacy & Cybersecurity

How to Keep Up With New Privacy Laws

There has been a wave of emerging and detailed privacy laws from the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), to the General...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.