A California federal court is weighing a civil claim that challenges Coinbase Global’s handling of frozen digital assets tied to a $55 million DAI phishing theft in August 2024. The Puerto Rico–based plaintiff requests recognition of ownership over the frozen funds and demands their return, arguing the assets are identifiable and traceable property. The complaint also names an unknown John Doe as a defendant, alleged to have carried out the theft.
The suit, filed in the U.S. District Court for the Northern District of California in San Francisco, raises questions about the duties of cryptocurrency exchanges when funds linked to a crime are traced to exchanges after an exploit. The plaintiff contends Coinbase has acknowledged holding the traced funds and has indicated that a court order adjudicating ownership is required before the assets can be released.
According to court filings, the plaintiff argues that the funds in question are “traceable property” linked to the plaintiff’s stolen assets and located within a Coinbase account. The complaint contends Coinbase previously acknowledged the existence of the traced funds and stated that ownership determinations require court intervention before any release. This framing places exchanges at a pivotal point in the chain of custody: they must align operational controls with judicial processes when faced with a theft that can be traced across public ledgers and on-chain flows.
The legal question at the heart of the suit concerns the scope of an exchange’s fiduciary responsibility when it receives stolen assets that are demonstrably linked to a crime. If successful, the claim would set a precedent on whether custodians can or must return or transfer such assets before litigation concludes, or must defer to a court order to resolve ownership disputes. The presence of an unnamed John Doe defendant suggests the plaintiff anticipates additional actors might be implicated in the theft or its laundering trail.
The August 2024 breach involved a sophisticated phishing operation that duped the victim into authorizing access to a DeFi Saver account, subsequently enabling the attacker to siphon a substantial amount of DAI. A notable feature of this case is the involvement of a “scam-as-a-service” toolset known as Inferno Drainer, which provided a malware-based framework for facilitating asset theft without exploiting protocol-level vulnerabilities. The broader phenomenon of scam-as-a-service tools surged in 2024, with security researchers noting a marked increase in such capabilities across the ecosystem.
Following the breach, multiple blockchain-analytic entities tracked the stolen funds as they moved through the on-chain ecosystem and into various laundering channels. Zero Shadow and Five Stones, two forensic firms, traced the funds and identified a laundering connection to a Ukrainian national, Okelsiy Oleksandrovych Gorelikhin. The timeline includes two key regulatory- and law-enforcement–adjacent events: on November 30, 2024, Zero Shadow notified Coinbase that funds tied to the theft had been deposited into a Coinbase address, prompting requests for due diligence and asset freezing; and on December 2, 2024, Coinbase confirmed that the address belonged to a Coinbase retail user and said it had implemented friction measures intended to prevent dissipation of the assets pending investigation.
The complaint frames the assets held in the Coinbase account as “identifiable property traceable to Plaintiff’s stolen assets,” and notes that Coinbase had previously requested the return of those assets. This sequence underscores how forensic findings and exchange actions feed into civil litigation over recovery rights, and how such proceedings can influence ongoing enforcement actions tied to cyber-enabled thefts.
What unfolds in this case has broader significance for the crypto industry’s regulatory and compliance landscape. First, it highlights the tension between custodial risk management and judicial control over the disposition of recovered funds. Exchanges frequently face balancing acts between freezing suspected stolen funds to prevent dissipation and awaiting court orders to release assets to rightful claimants. This dynamic intersects with AML/KYC frameworks, as well as with cross-border enforcement considerations when actors and funds cross jurisdictional boundaries.
From a policy perspective, the case invites scrutiny of how existing regulatory regimes—whether adjudicated in the United States or overseas—address the custody and disposition of stolen crypto assets. It also touches on the practical implications for stablecoins and their on- and off-ramps, especially as regulators and financial institutions consider how to integrate such assets into compliant banking and settlement ecosystems. While the immediate dispute centers on a U.S. court’s interpretation of ownership and recovery, the outcome could inform parallel disputes elsewhere and influence how exchanges design procedures for asset freeze, disclosure, and release under varying legal regimes.
As the industry navigates these questions, observers will watch for how courts weigh the evidentiary standard of traceability, the adequacy of on-chain linkage, and the sufficiency of interagency cooperation in recovery efforts. With regulations around anti-money-laundering and know-your-customer obligations already evolving, cases like this may help anchor operational expectations for exchanges and forensic firms, while clarifying the thresholds for blocking access to, or reclaiming, stolen assets. The broader policy context remains fluid, with ongoing discussions in multiple jurisdictions about harmonizing standards for asset recovery, cross-border cooperation, and the role of mixers and obfuscation services in illicit activity.
As civil litigation over crypto-asset recovery unfolds, the case will test the practical boundaries between exchange custody, judicial authority, and forensic tracing. The outcome could shape institutional expectations for asset freezes, owner identification, and the conditions under which exchanges may release funds to claimants, with wide-ranging implications for compliance programs and cross-border enforcement.
This article was originally published as Coinbase Sued Over Frozen Crypto From $55M DeFi Saver Exploit on Crypto Breaking News.


