Monday 02 28, 2022

Firm Files Lawsuit Against Uphold HQ Inc Over Faulty Two-Factor Authentication

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the Uphold.com cryptocurrency exchange. The Complaint, which is available HERE, details the experiences of several individuals whose accounts were accessed and depleted by unauthorized third-party users.

Among other things, the Complaint alleges that Uphold used inadequate multi-factor authentication (“MFA”), which allowed unauthorized users to remove and change two-factor authentication devices that users had installed via an automated process. Whereas most cryptocurrency exchanges adopt the normal industry practice of requiring robust identity proofing before a user can change their MFA device, the Complaint explains how Uphold’s procedure empowered bad actors to make changes to these crucial account protections without any of the usual safeguards commonly used in the industry, such as identity proofing.

As a result, the Complaint alleges, unauthorized users were able to bypass accountholders’ MFA devices, gain access to their Uphold accounts, and then empty the accounts of their cryptocurrencies. To date, Uphold has not disclosed or even publicly acknowledged this major vulnerability in its systems, leaving its users unwittingly exposed to this risk. As a result, cybercriminals continue to utilize this exploit to rob Uphold users of their funds. When they succeed, Uphold offers its accountholders little recourse. In some cases, it leaves their remaining funds locked indefinitely while it conducts an endless investigation. But even in instances where Uphold has successfully restored access and functionality to its accountholders, it refuses to refund the money that was stolen from them.

“What makes this situation particularly tragic for Uphold’s genuine users is that Uphold has been receiving reports like this for months,” Hollist noted. “Users who had their accounts robbed in 2022 are going online to find forums filled with others who had this happen to them in summer of 2021. It’s incredibly frustrating because it feels like these recent losses could have been avoided if Uphold had taken action to address them last summer.”

The class action seeks recovery on behalf of all victims whose accounts were robbed following an MFA failure. However, the case is still in its early exploratory stages. If you have personal experience with having cryptocurrency stolen from your Uphold account and would like to join in the class action, please contact our litigation team here.


This entry was posted on Monday, February 28, 2022 and is filed under General News & Firm Announcements, Internet Law News.



Related articles

Privacy & Cybersecurity

Secure Passwords Are the Key to Your Online

Over 50% of Americans have been a victim of cybercrime, and one of the most common ways criminals gain access to our personal information is by stealing passwords. A strong...

Read Article

Privacy & Cybersecurity

CCPA Opt-out Buttons as Options for CCPA Compliance

The proverbial dust from the implementation of the California Consumer Protection Act (“CCPA”) has settled. And at this point, most businesses are aware that under the CCPA, California residents have...

Read Article

Privacy & Cybersecurity

Firm Files Lawsuit Against Uphold HQ Inc Over

On February 25, 2022, Kronenberger Rosenfeld attorneys Karl Kronenberger and Kate Hollist filed a putative class action lawsuit against Uphold HQ, Inc., the company that runs the Uphold.com cryptocurrency exchange...

Read Article

Privacy & Cybersecurity

4 Ways to Protect Your Crypto

If you own any cryptocurrency, it's important to take steps to protect it from hackers and other bad actors. Here are four ways to do so. Use Two-Factor Authentication for...

Read Article