Monday 02 28, 2022

Firm Files Lawsuit Against Uphold HQ Inc Over Faulty Two-Factor Authentication

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the cryptocurrency exchange. The Complaint, which is available HERE, details the experiences of several individuals whose accounts were accessed and depleted by unauthorized third-party users.

Among other things, the Complaint alleges that Uphold used inadequate multi-factor authentication (“MFA”), which allowed unauthorized users to remove and change two-factor authentication devices that users had installed via an automated process. Whereas most cryptocurrency exchanges adopt the normal industry practice of requiring robust identity proofing before a user can change their MFA device, the Complaint explains how Uphold’s procedure empowered bad actors to make changes to these crucial account protections without any of the usual safeguards commonly used in the industry, such as identity proofing.

As a result, the Complaint alleges, unauthorized users were able to bypass accountholders’ MFA devices, gain access to their Uphold accounts, and then empty the accounts of their cryptocurrencies. To date, Uphold has not disclosed or even publicly acknowledged this major vulnerability in its systems, leaving its users unwittingly exposed to this risk. As a result, cybercriminals continue to utilize this exploit to rob Uphold users of their funds. When they succeed, Uphold offers its accountholders little recourse. In some cases, it leaves their remaining funds locked indefinitely while it conducts an endless investigation. But even in instances where Uphold has successfully restored access and functionality to its accountholders, it refuses to refund the money that was stolen from them.

“What makes this situation particularly tragic for Uphold’s genuine users is that Uphold has been receiving reports like this for months,” Hollist noted. “Users who had their accounts robbed in 2022 are going online to find forums filled with others who had this happen to them in summer of 2021. It’s incredibly frustrating because it feels like these recent losses could have been avoided if Uphold had taken action to address them last summer.”

The class action seeks recovery on behalf of all victims whose accounts were robbed following an MFA failure. However, the case is still in its early exploratory stages. If you have personal experience with having cryptocurrency stolen from your Uphold account and would like to join in the class action, please contact our litigation team here.

This entry was posted on Monday, February 28, 2022 and is filed under General News & Firm Announcements, Internet Law News.

Related articles

Privacy & Cybersecurity

CCPA Opt-out Buttons as Options for CCPA Compliance

The proverbial dust from the implementation of the California Consumer Protection Act (“CCPA”) has settled. And at this point, most businesses are aware that under the CCPA, California residents have...

Read Article

Privacy & Cybersecurity

Firm Files Lawsuit Against Uphold HQ Inc Over

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the cryptocurrency exchange...

Read Article

Privacy & Cybersecurity

Secure Passwords Are the Key to Your Online

Over 50% of Americans have been a victim of cybercrime, and one of the most common ways criminals gain access to our personal information is by stealing passwords. A strong...

Read Article

Privacy & Cybersecurity

How to Keep Up With New Privacy Laws

There has been a wave of emerging and detailed privacy laws from the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), to the General...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online


Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.