TL;DR:
- Coinbase faces a federal lawsuit over crypto allegedly frozen after a $55 million DAI phishing theft tied to a DeFi Saver login scam.
- The plaintiff says traced funds entered a Coinbase account after Tornado Cash laundering, but Coinbase requires a court order before release.
- The case spotlights recovery friction between blockchain analytics, exchange freezes, ownership adjudication and victim restitution after scam-as-a-service thefts involving Inferno Drainer and hired tracing firms afterward.
Coinbase is facing a federal lawsuit over crypto it froze after a $55 million DAI phishing theft, turning a recovery win into a custody dispute. The Puerto Rico-based plaintiff says stolen assets from an August 2024 DeFi Saver incident were traced into a Coinbase retail account after being laundered through Tornado Cash. Coinbase allegedly froze the funds but declined to release them without a court order. The tension is frozen assets becoming stranded evidence, because the exchange may have stopped dissipation while still leaving the victim to litigate ownership before any return.
Frozen Funds Expose Crypto Recovery Friction
The complaint, filed Monday in San Francisco federal court, asks the judge to declare the plaintiff the rightful owner of the frozen assets and order Coinbase to return them. It also names an unknown John Doe defendant accused of carrying out the theft. According to the filing, Coinbase acknowledged it held traced funds and indicated that ownership needed to be adjudicated before release. In practical terms, asset tracing reached the exchange before legal finality, exposing the gap between blockchain analytics, exchange freezes and the court process needed to move funds to a claimant.
The underlying theft shows why that gap matters. The attacker allegedly used a fraudulent DeFi Saver login page to trick the victim into clicking a malicious link and authorizing wallet access. The exploit was tied to Inferno Drainer, a scam-as-a-service wallet-draining platform that helps attackers steal assets without exploiting protocol code directly. Afterward, the victim notified law enforcement and hired Zero Shadow and Five Stones intelligence to trace the funds. That makes the case less about code failure than deception infrastructure, where phishing, laundering and compliance response collide after assets become traceable.
Zero Shadow notified Coinbase on Nov. 30, 2024, that stolen funds linked to the theft had entered a Coinbase address. On Dec. 2, Coinbase confirmed the address belonged to a user and said it had applied friction measures to prevent dissipation pending investigation. The complaint says the crypto in that account is identifiable property traceable to the stolen assets. For the industry, the lawsuit tests exchange responsibility after freezes, because stopping suspicious movement is only half the recovery question. The harder issue is who decides when frozen crypto can leave custody and return to a victim.
