Monday 02 28, 2022

Firm Files Lawsuit Against Uphold HQ Inc Over Faulty Two-Factor Authentication

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the cryptocurrency exchange. The Complaint, which is available HERE, details the experiences of several individuals whose accounts were accessed and depleted by unauthorized third-party users.

Among other things, the Complaint alleges that Uphold used inadequate multi-factor authentication (“MFA”), which allowed unauthorized users to remove and change two-factor authentication devices that users had installed via an automated process. Whereas most cryptocurrency exchanges adopt the normal industry practice of requiring robust identity proofing before a user can change their MFA device, the Complaint explains how Uphold’s procedure empowered bad actors to make changes to these crucial account protections without any of the usual safeguards commonly used in the industry, such as identity proofing.

As a result, the Complaint alleges, unauthorized users were able to bypass accountholders’ MFA devices, gain access to their Uphold accounts, and then empty the accounts of their cryptocurrencies. To date, Uphold has not disclosed or even publicly acknowledged this major vulnerability in its systems, leaving its users unwittingly exposed to this risk. As a result, cybercriminals continue to utilize this exploit to rob Uphold users of their funds. When they succeed, Uphold offers its accountholders little recourse. In some cases, it leaves their remaining funds locked indefinitely while it conducts an endless investigation. But even in instances where Uphold has successfully restored access and functionality to its accountholders, it refuses to refund the money that was stolen from them.

“What makes this situation particularly tragic for Uphold’s genuine users is that Uphold has been receiving reports like this for months,” Hollist noted. “Users who had their accounts robbed in 2022 are going online to find forums filled with others who had this happen to them in summer of 2021. It’s incredibly frustrating because it feels like these recent losses could have been avoided if Uphold had taken action to address them last summer.”

The class action seeks recovery on behalf of all victims whose accounts were robbed following an MFA failure. However, the case is still in its early exploratory stages. If you have personal experience with having cryptocurrency stolen from your Uphold account and would like to join in the class action, please contact our litigation team here.

This entry was posted on Monday, February 28, 2022 and is filed under General News & Firm Announcements, Internet Law News.

Related articles

Privacy & Cybersecurity

4 Ways to Protect Your Crypto

If you own any cryptocurrency, it's important to take steps to protect it from hackers and other bad actors. Here are four ways to do so. Use Two-Factor Authentication for...

Read Article

Privacy & Cybersecurity

Don’t Get Shaken Down by a Privacy Lawsuit

With emerging data privacy and security laws, plaintiffs and class action law firms have been filing novel legal actions, including large class actions seeking statutory damages and fees. Virtually every...

Read Article

Privacy & Cybersecurity

CCPA v. CPRA – Privacy Laws Compared

The California Consumer Privacy Act (CCPA) is still relatively new, and now there is another expansive privacy law in California, the California Privacy Rights Act (CPRA). In November 2020, California...

Read Article

Privacy & Cybersecurity

Secure Passwords Are the Key to Your Online

Over 50% of Americans have been a victim of cybercrime, and one of the most common ways criminals gain access to our personal information is by stealing passwords. A strong...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online


Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.