SIM Swap Attacks in 2026: What Victims Need to Know

If you believe you were the victim of a SIM swap attack and lost cryptocurrency or access to your accounts, start with the video above. It explains what likely happened and what legal options may be available.

SIM swap attacks are rapidly increasing in 2026. They are now one of the most damaging forms of cybercrime affecting crypto holders, investors, and everyday consumers.

These attacks often begin when a mobile carrier transfers a customer’s phone number to a SIM card controlled by a criminal.

Once that happens, the attacker receives your calls, text messages, and security codes.

They can reset passwords and access email accounts, crypto exchanges, and self-custody wallets. In many cases, cryptocurrency and other assets are stolen within minutes.

Victims often realize what happened only after their phone stops working.

Many people searching for a SIM swap attorney or SIM swap lawyer are surprised to learn how complex these cases can be.

SIM swap attacks frequently involve failures by wireless carriers such as T-Mobile, Verizon, AT&T, or other providers.

These failures may include weak authentication procedures, ignored security flags, or unauthorized SIM transfers.

When carrier security failures lead to stolen cryptocurrency or financial losses, victims may have legal claims.

These claims are often pursued through arbitration or litigation under federal telecommunications law and consumer protection rules. Timing matters. Evidence can disappear quickly, and deadlines may apply.

In the video above, Max Dilendorf, founder of Dilendorf Law Firm, explains how SIM swap attacks work.

He also discusses why these crimes are accelerating in 2026 and what victims should do immediately after discovering an attack.

Dilendorf Law Firm has handled more than 130 cybercrime and crypto-related matters. These include SIM swap attacks, cryptocurrency theft, software liability disputes, and AI-related fraud.

The firm regularly represents victims in complex arbitration cases against major mobile carriers.

This video is designed to help victims understand their rights. It explains why acting quickly is critical. It also outlines how working with an experienced SIM swap lawyer can help victims evaluate potential recovery options.

Resources:

1. Cryptocurrency – Internet Crime Complaint Center (IC3)
2. NYDF Consumer Complaint
3. AAA Consumer Arbitration Rules
4. JAMS Comprehensive Arbitration Rules & Procedures
5. Crypto Enforcement
6. Modern Scams: How Scammers are Using Artificial Intelligence and How We Can Fight Back
7. Cryptocurrency Fraud Report 2023
8. Cryptocurrency: Selected Policy Issues
9. Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies
10. Crypto-Assets: Implications for Consumers, Investors, and Businesses
11. Exploring the Cryptocurrency and Blockchain Ecosystem
12. Crypto Assets
13. What To Know About Cryptocurrency and Scams
14. Digital Assets | CFTC
15. Taxpayers need to report crypto, other digital asset transactions on their tax return

Crypto Stolen from Coinbase or Another Exchange? Dilendorf Law Can Help

If your cryptocurrency was stolen from Coinbase or another U.S.-based crypto exchange and the platform denied responsibility, you may still have legal options.

Many victims are told there is nothing an exchange can do—but that is often not the end of the story.

In this video, Max Dilendorf, a New York–based crypto attorney, explains how exchange User Agreements and mandatory arbitration clauses can provide a legal path forward for recovering stolen crypto.

👉 Watch the full video on YouTube:

What This Video Is About

This video focuses on one of the most misunderstood—but most important—documents in crypto disputes: the User Agreement you accepted when opening your exchange account.

Since 2017, Dilendorf Law has worked exclusively in the crypto space.

Since 2019, the firm has been among the first in the U.S. to represent victims of exchange-related crypto theft in arbitration and litigation. To date, the firm has handled 130+ arbitration cases involving stolen customer funds.

In this episode, Max explains:

• Why exchanges rely on User Agreements to deny liability

• How arbitration clauses often replace lawsuits as the only legal remedy

• Why these agreements are legally enforceable—even if you never read them

• How missing a notice or procedural step can permanently block your claim

Key Topics Covered in the Video

1. Reviewing the Exchange User Agreement
If an exchange refuses to reimburse stolen funds, the User Agreement becomes the legal roadmap for your claim. Max explains how to locate and analyze the dispute resolution and arbitration sections.

2. Understanding Mandatory Arbitration
Most U.S. crypto exchanges require disputes to be resolved through private arbitration—not court. The video explains how arbitration works, why it is binding, and what limitations apply.

3. Notice Requirements Before Arbitration
Many exchanges require victims to send a formal written notice before filing arbitration. The video explains common deadlines (30–60 days), delivery methods, and why failing to comply can derail a case.

4. Choosing the Arbitration Forum
The video breaks down the most common arbitration providers used by crypto exchanges:

• American Arbitration Association (AAA)

• JAMS

• National Arbitration and Mediation (NAM)

Each forum has different rules, fees, and procedures—experience matters.

5. Why Legal Strategy Matters
Arbitration decisions are usually final, with limited appeal rights. Max explains why preparation, proper filing, and legal strategy significantly affect outcomes in stolen-crypto cases.

Who Should Watch This Video

This video is especially relevant if:

• Your Coinbase or exchange account was hacked

• You experienced unauthorized withdrawals or transfers

• The exchange denied reimbursement or blamed the user

• You’re unsure how arbitration works or where to start

Need Legal Help After Crypto Theft?

If your crypto was stolen and the exchange refused to help, you may still have options—but timing and procedure are critical.

Contact Dilendorf Law:
📧 info@dilendorf.com
📞 212-457-9797

This video is for educational purposes only and does not constitute legal advice. For guidance specific to your situation, consult a qualified crypto attorney.

On December 17, 2025, Coinbase introduced an updated version of its User Agreement.

While many users expected major changes to arbitration and dispute‑resolution rules, those provisions were not amended and continue to govern how hacked‑account and stolen‑funds disputes must be resolved in 2026.​

For victims whose crypto was stolen from Coinbase, understanding how these terms allocate risk, limit liability, and channel claims into arbitration is critical to planning an effective recovery strategy.

New Services, Same Arbitration Framework

The update primarily adds and clarifies new services rather than changing the core dispute‑resolution mechanics.​

• Coinbase introduced a Token Sale Platform that lets users purchase newly issued digital assets directly from third‑party developers, with Coinbase acting only as a platform provider.​

• The agreement clarifies that U.S. equities trading is conducted through Coinbase Capital Markets Corporation, a registered broker‑dealer affiliate that is legally separate from Coinbase’s digital asset services.​

Even with these additions, the mandatory arbitration provisions and class‑action waiver that apply to most crypto‑related disputes remain in place.

Limitation of Liability

The User Agreement continues to impose significant limitations on Coinbase’s liability.

In most circumstances, a user’s potential recovery is capped at the value of the supported digital assets held in the user’s wallet at the time the claim arises.

Users also generally waive the right to recover lost profits, loss of business opportunities, diminution in value, data loss, or other indirect or consequential damages.

Coinbase also provides its services on an “as is” and “as available” basis, disclaims most warranties, and does not guarantee that transactions will be executed accurately or at all.

Liability beyond these limits is permitted only if a court makes a final determination that the harm resulted from Coinbase’s gross negligence, fraud, willful misconduct, or intentional violation of law.

Coinbase’s allocation of responsibility for account security remains unchanged. The User Agreement places responsibility on users for safeguarding login credentials and expressly disclaims liability for losses resulting from compromised credentials, unauthorized access, or misuse of the Trusted Contacts feature.

Coinbase’s Formal Complaint Process remains unchanged

The User Agreement’s Formal Complaint Process remains unchanged.

Under Section 7.2, users must first attempt to resolve any dispute by contacting Coinbase Support.

If the dispute is not resolved through Coinbase Support, users are required to complete Coinbase’s Formal Complaint Process before filing any arbitration claim under Section 7.3.

Failure to complete the Formal Complaint Process may result in dismissal of the arbitration.

If a dispute proceeds to the Formal Complaint Process, users must submit a complaint using Coinbase’s designated complaint form (or request the form from Coinbase Support), describing the dispute, the requested resolution, and any relevant information.

The Formal Complaint Process is deemed complete when Coinbase responds to the complaint or forty-five (45) business days after Coinbase receives it, whichever occurs first.

Because arbitration cannot be initiated until this process is completed, the Formal Complaint Process serves as a mandatory procedural prerequisite to arbitration under the User Agreement.

For a step-by-step overview of how to comply with Coinbase’s Formal Complaint Process, see:

Arbitration Process Remains Unchanged

The User Agreement’s arbitration provisions also remain unchanged.

Once the Formal Complaint Process is completed, disputes that are not resolved must continue to be pursued through binding arbitration in accordance with the procedures set forth in the User Agreement.

For a detailed, step-by-step overview of how Coinbase arbitration works in practice – including filing requirements, timelines, and procedural considerations – see our previously published guide:

Users should also be aware that the User Agreement continues to include a broad waiver of procedural rights.

Claims against Coinbase must be brought on an individual basis only, and users waive the right to participate in class, collective, or representative actions.

In addition, the User Agreement expressly includes a jury trial waiver, meaning that if any dispute were to proceed in court, it would be resolved by a judge rather than a jury.

The arbitration provisions further permit fee-shifting in limited circumstances. A user may be required to pay Coinbase’s attorneys’ fees and costs if an arbitrator determines that a claim was frivolous or brought for an improper purpose, or if a court finds that the user failed to satisfy required pre-arbitration conditions.

Contact Us

If your Coinbase account was hacked and your crypto was stolen, contact Dilendorf Law Firm to discuss your recovery options and case strategy.

​Our team has represented victims in 130+ crypto cyber-theft arbitrations across major forums (AAA, JAMS, NAM), including cases against Coinbase and other leading U.S. exchanges.

​The firm focuses on stolen-crypto recovery, SIM-swap and account-takeover cases, and User Agreement–based arbitration claims, integrating blockchain forensics and coordinated law-enforcement engagement where appropriate.

Led by crypto attorney Max Dilendorf (practicing in this space since 2017), the firm represents clients nationwide and internationally in high-stakes exchange disputes.

Email info@dilendorf.com or call (212) 457-9797 to schedule a confidential consultation about your Coinbase theft case.

When a Coinbase exchange account is compromised, victims often feel helpless — the platform is slow to respond, funds disappear quickly, and there’s no way to “reverse” a blockchain transaction.

But Coinbase’s User Agreement provides a clear legal path to pursue claims.

This guide walks you through every stage — from filing your initial support ticket to submitting a formal complaint and, if needed, pursuing your claim through the next level of dispute resolution.

1. Can I sue Coinbase in court after my account is hacked?

No. Coinbase’s User Agreement requires disputes to be resolved through binding arbitration, not through state or federal court (with very limited e xceptions).

Appendix 5: Arbitration Agreement
“You and we agree to arbitrate all Disputes in binding arbitration except for the following types of Disputes […]”

In other words:

• You can’t sue Coinbase in court for most hacking-related claims.
• You waive your right to a jury trial.
• You can’t join a class action.

Most hacked-account claims must go through AAA (American Arbitration Association) or JAMS.

2. What should I do first if my account is hacked?

Your first step is to notify Coinbase immediately by filing a support ticket through their help center: help.coinbase.com.

Section 7.1: “If you have feedback, or general questions, contact us via our Customer Support webpage at https://help.coinbase.com.”

This ticket:

• Documents the incident.
• Creates a case number, which is required for the next stage.
• Shows you acted promptly after discovering the hack.

Include as much detail as possible: date and time of the incident, transaction IDs, wallet addresses, suspicious activity, and any phishing or SIM-swap details if applicable.

3. What is the Formal Complaint process and why is it required?

Before filing any arbitration claim or small claims action, you must complete the Formal Complaint process.

Section 7.2:
“If we cannot resolve the dispute through Coinbase Support, you agree to use the Formal Complaint Process set forth below before filing any arbitration claim or small claims action as described further in Appendix 5 below. You must complete the Formal Complaint Process before filing any arbitration or small claims action. If you do not complete it, then you agree that your claim or action must be dismissed from arbitration or small claims court.”

How to file a complaint:

Submit the complaint online using Coinbase’s complaint form.

Section 7.2.1:
“In the event that the dispute is not resolved through your contact with Coinbase Support, you agree to use our complaint form to describe your dispute, how you would like us to resolve the complaint, and any other relevant information.”

Include your support case number, a short description of the hack, the amount stolen, the resolution you seek, and any supporting documents.

Check out our step-by-step guide: How to Give Notice to Coinbase: Formal Complaint Guide

4. How long does Coinbase have to respond to my complaint?

Coinbase has 45 business days to respond to your complaint.

Section 7.2.1:
“The Formal Complaint Process is completed when Coinbase responds to your complaint or forty-five (45) business days after the date we receive your complaint, whichever occurs first.”

If Coinbase doesn’t resolve the issue after this period, you can proceed to arbitration or small claims court.

5. What are my options if Coinbase doesn’t resolve my complaint?

If Coinbase doesn’t resolve your dispute within the 45-day complaint period, you have two options:

1. File a claim in small claims court — but only if your claim meets the court’s jurisdictional limits and remains in small claims court.
2. Proceed to binding arbitration — which applies to most hacked-account cases.

Appendix 5:
“You and we agree to arbitrate all Disputes in binding arbitration except for the following types of Disputes: […] Disputes that are within the jurisdiction of a small claims court. You and we agree that if a Dispute could be brought in a small claims court in the county or parish in which you reside, then it must be brought in that small claims court, not arbitration, provided that it remains in that court and is not removed or appealed to a court of general jurisdiction.”

Most hacking-related disputes involve amounts above small claims limits or become too complex for small claims court, so arbitration is the more common route.

6. How do I file an arbitration claim against Coinbase?

Once the 45-day complaint period has passed and your issue remains unresolved, the next step is to formally file for arbitration.

It starts with completing the AAA Consumer Arbitration Demand Form through adr.org.

Your arbitration demand must include all applicable claims and adhere to the statute of limitations. Missing critical details or deadlines could weaken or void your case.

Appendix 5:
“You and we agree that arbitration under this Arbitration Agreement will, depending on the circumstance, be administered by the American Arbitration Association (‘AAA’) subject to the AAA’s Consumer Arbitration Rules then in effect, except as modified by this Arbitration Agreement. If the AAA is unable or unwilling to administer the arbitration […] you and we agree that JAMS will administer the arbitration.”

This marks the official beginning of the arbitration process. From here, the case moves forward according to the schedule set by the arbitrator.

7. How much does it cost to file an arbitration claim against Coinbase?

Filing an arbitration claim involves a consumer filing fee, which is typically capped at $225 under the AAA Consumer Arbitration Rules.

Coinbase covers the remaining administrative and arbitrator costs, so customers are only responsible for this initial filing fee. Once your claim is submitted, a neutral arbitrator is appointed, and both parties attend a virtual scheduling conference to set deadlines and outline the next steps in the case.

This process ensures the arbitration remains accessible and cost-effective for individual claimants.

8. How long does the arbitration process usually take?

Arbitration isn’t resolved overnight. It typically unfolds over several months — often around 9 to 12 months from filing to decision.

9. Do I need a lawyer to file arbitration against Coinbase?

You’re not required to hire a lawyer, but Coinbase will have legal counsel representing it in arbitration. Having an attorney can make a big difference — they’ll make sure your complaint and arbitration demand meet Coinbase’s procedural requirements, help you gather and organize evidence, and handle all filings and deadlines.

10. How does Coinbase limit its liability?

Coinbase’s Section 8.2 places strict limits on damages:

“IN NO EVENT SHALL COINBASE […] BE LIABLE (I) FOR ANY AMOUNT GREATER THAN THE VALUE OF THE SUPPORTED DIGITAL ASSETS ASSOCIATED WITH YOUR DIGITAL ASSET WALLET AT THE TIME OF THE EVENT […] OR (II) FOR ANY LOST PROFITS, LOSS OF GOODWILL, LOSS OF DATA, DIMINUTION IN VALUE OR BUSINESS OPPORTUNITY, ANY SPECIAL, INCIDENTAL, INDIRECT, INTANGIBLE, OR CONSEQUENTIAL DAMAGES […]”

This means your recovery is generally capped at the value of the stolen crypto at the time of the hack. Coinbase will also argue it isn’t responsible for “glitches,” “bugs,” or third-party actions. A strong legal strategy anticipates these defenses.

Contact Us

If your crypto was stolen from Coinbase exchange and you’re ready to take action, we can help you file your claim, prepare your evidence, and navigate the arbitration process.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Reach out to us today to discuss your case and legal options: (212) 457-9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.

If your Binance.US account was compromised, the path to resolution exists. These FAQs explain, step by step, who you’re dealing with, the required pre-filing steps, how arbitration works, what it costs, and how to build a strong, well-documented claim to recover your losses.

1. Can I sue Binance.US in court after a hack?

No. Under the Terms, customer disputes go to binding arbitration, not court:
“Arbitration shall be conducted in accordance with the rules of the American Arbitration Association (‘AAA’), Consumer Arbitration Rules, in effect on the date of the Terms you are currently bound by […] [BAM and You] waive any right to proceed in a court of law or to have their claims heard by a jury.”

2. Who exactly do I file against?

BAM Trading Services, Inc. (Binance.US)—not Binance.com. Your notices and arbitration are filed against BAM Trading Services, Inc. Using the wrong entity can delay or derail your claim.

3. What does arbitration look like under the Terms?

Per the Terms:
“The arbitration shall: (1) be conducted by a single, neutral arbitrator in the English language; (2) be held virtually and not in person for all proceedings related to the arbitration, except by mutual agreement of all parties; and (3) be limited to one deposition per party, except by mutual agreement of all parties or upon a showing of need.”
For smaller claims:
“Furthermore, in cases where neither party’s claim(s) or counterclaim(s) exceed $25,000, both parties agree to waive an arbitration hearing and resolve the dispute solely through submissions of documents to the arbitrator.”

4. What steps are required before I can file arbitration?

You must complete all pre-arbitration steps in order:

1. Open a Support Ticket (report the hack).
2. Submit a Formal Complaint to resolutions@binance.us with a clear description and evidence.
3. Send a Notice of Dispute to legal@binance.us (account info, claim summary, and what you want).
   After Binance.US receives a complete Notice:
   “Once a complete Notice of Dispute has been received, the recipient has 60 days to investigate the claims […]. An arbitration cannot be filed until the Informal Resolution Period has ended.”

Skipping or mishandling this Notice lets Binance.US ask the arbitrator to delay or dismiss your case.
(See our companion guide: What to Do If Your Binance.US Account Gets Hacked)

5. How do I actually file with AAA?

After the 60-day informal period ends, submit the AAA Consumer Arbitration Demand Form online (through adr.org) and pay the consumer filing fee.

6. How much will this cost me?

The Terms state:
“Costs of arbitration, including AAA administrative fees, shall be apportioned between you and BAM in accordance with the AAA Consumer Arbitration Rules.”
In practice, the consumer filing fee is capped under the AAA Consumer Rules, and Binance.US covers most administrative/arbitrator fees.

7. What should I expect after filing?

Arbitration begins when you file your claim with AAA and pay the consumer filing fee. Binance.US must then pay the remaining administrative and arbitrator costs under AAA’s fee schedule.

AAA appoints a neutral arbitrator, and a short online scheduling call will set the deadlines for the case. The process includes limited evidence exchange—usually just one deposition per side—and a hearing if necessary. For smaller claims, the case is often resolved entirely on the written submissions.

Most cases take nine to twelve months from filing to decision.

8. What evidence should I gather to strengthen my claim?

Arbitrators rely heavily on the documents submitted. A clean and well-organized file can make or break your case. Make sure to collect transaction IDs, timestamps, screenshots of your account activity, login and device logs, any suspicious API key activity, and all emails or messages with Binance.US support.

It’s also smart to file an IC3 report with the FBI and make a police report—these documents add credibility to your claim. Finally, prepare a short timeline that shows when your account was secure, when the theft happened, and what steps you took afterward.

9. How do I write the arbitration demand?

Your arbitration demand doesn’t need to be written like a legal brief. You’ll need to complete the AAA Consumer Arbitration Demand Form online and submit it through www.adr.org.

A clear, factual statement works best. Include who the parties are, what happened, how much was stolen, and what you’re asking for.

Engaging experienced legal counsel can help you structure a strong, well-supported claim and anticipate the exchange’s defenses. A well-organized demand makes the arbitrator’s job easier — and that often works in your favor.

10. Can I join a class action instead of arbitration?

No. The Terms include a class-action waiver—you must bring your claim individually in arbitration.

11. Do I need a lawyer?

Not required, but Binance.US will have counsel. Having a lawyer on your side can help ensure your Notice of Dispute is valid, your AAA demand is airtight, and your evidence is properly organized and presented.

A skilled legal team can also help you minimize your costs, navigate procedural deadlines, and negotiate a stronger settlement if one is offered.

Contact Us

If your crypto was stolen from Binance.US and you’re ready to take action, we can help you file your claim, prepare your evidence, and navigate the arbitration process.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Reach out to us today to discuss your case and legal options: (212) 457-9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.

When your crypto is stolen from a Binance.US account, the way you respond in the first hours and days can shape your ability to recover funds or bring a legal claim.

Binance.US has a formal process that every user must follow before filing an arbitration claim. Skipping these steps can seriously delay or even block your case.

This guide explains what to do next and how our firm helps clients navigate recovery, law enforcement, and arbitration.

1. Secure Your Accounts Immediately

If you still have access to your account, act fast:

• Change your email and passwords right away.
• Switch or reset your 2FA to an authenticator app (avoid SMS).
• Take screenshots of balances, withdrawals, login history, IP/device activity, TXIDs, and security settings.
• If your phone was SIM-swapped, call your carrier immediately to lock the account and get activity logs.

Why it matters: you’re building the factual record you’ll later use with Binance.US, law enforcement, and in arbitration.

2. File a Support Ticket with Binance.US

Open a Customer Support ticket. Include TXIDs, timestamps, suspicious IPs/devices, and request log preservation (auth logs, device IDs, IPs, API events).

Binance.US explains that the Support route is the first leg of the complaints path:

“If you have a complaint with BAM, you may, but are not required to, first open a ticket with Customer Support and work with Customer Support to resolve your issue.” Terms of Use

Save the ticket number—you’ll need it for the complaint stage.

3. File Law-Enforcement Reports

When crypto is stolen, Binance.US will not provide account or transaction records directly to victims — even if it involves your own account. Their Law Enforcement Guide makes clear that such information is only available to U.S. law enforcement and government agencies through formal legal process.

That’s why filing with the right agencies immediately is critical.

• File an online report with the FBI Internet Crime Complaint Center (IC3).
• File a Local Police Report.
• Provide Law Enforcement With Binance.US Guidance. Binance.US publishes a Law Enforcement Guide that explains exactly how police or federal agencies should request records.

Why this matters: Binance.US publishes a Law Enforcement Guide describing how U.S. agencies can request records; they respond to valid legal process from law enforcement—not to private requests. Share this link with your detective or agent.

4. File a Formal Complaint with Binance.US

If Support doesn’t resolve the issue, the next required step is to email resolutions@binance.us.

Your complaint must include:

• Your Support ticket number.
• A clear description of the problem.
• How you’d like Binance.US to resolve it.
• Any relevant documentation or evidence.

“Once you have already done so, and Customer Support has been unable to resolve your issue, please email your complaint to resolutions@binance.us […] provide your Customer Support ticket number, state the cause of your complaint, how you would like us to resolve the complaint […] Without a Customer Support ticket, we will not be able to respond meaningfully to your complaint email.”

Binance.US states:

“Within thirty business days […] the Complaint Officer may: (1) offer to resolve your complaint in the way you have requested; (2) reject your complaint and set out the reasons for the rejection; or (3) offer to resolve your complaint with an alternative proposal or solution.”

Important: Without a Support ticket, Binance.US will not process your complaint.

This step creates an official record with their Complaint Officer, which is a required stage before arbitration.

5. Send a Notice of Dispute (Pre-Arbitration Requirement)

Once you’ve filed a formal complaint and either received a denial or no resolution, the next step required by Binance.US’s Terms of Use is to send a formal “Notice of Dispute.”

This step is not optional — it is a contractual prerequisite to arbitration. If you don’t send this notice correctly, Binance.US can move to dismiss or delay your arbitration claim.

What to Include in the Notice of Dispute

Your email should include:

1. Your full account details (name, phone, username, email).
2. A short and clear summary of the issue, including key dates, TXIDs, ticket and complaint numbers.
3. How you want Binance.US to resolve the claim (e.g., reimbursement, data disclosure, cooperation with law enforcement).
4. Your lawyer’s contact information, if you have one.

Send your Notice to: legal@binance.us

This formal notice isn’t just a formality — it protects your ability to bring a legal claim.

• It triggers the 60-day “Informal Resolution Period” during which Binance.US must investigate the claim and can propose settlement.
• The statute of limitations is tolled (paused) during this period, preserving your legal rights.
• Under the arbitration clause, you cannot file for arbitration until this period ends. If you do, Binance.US can ask the arbitration forum or a court to stop the proceeding.
• Your Notice establishes a paper trail showing that you followed the Terms — something arbitrators often look for.

“Once a complete Notice of Dispute has been received, the recipient has 60 days to investigate the claims. If either side requests a settlement conference during this period, then you and us must cooperate to schedule that meeting by phone or videoconference. […] An arbitration cannot be filed until the Informal Resolution Period has ended.”

6. Move to Arbitration if Binance.US Doesn’t Resolve Your Claim

If your case is not resolved during the 60-day informal resolution period, the only legal path available under Binance.US’s Terms of Use is binding arbitration through the American Arbitration Association (AAA) under the Consumer Arbitration Rules. Arbitration is mandatory for customer disputes, and class actions are not allowed, which means each claim must be pursued individually.

Key Points About the Arbitration Process:

• Mandatory under the Terms of Use: Arbitration is required before any legal claim can proceed.
• Individual claims only: Class actions are waived, so each case is handled separately.
• Virtual proceedings: All hearings are held remotely.
• Streamlined for smaller claims: If the claim is under $25,000, the case may be decided on written submissions only, without a live hearing.

Arbitration is a formal legal process, and Binance.US will have experienced defense counsel. A knowledgeable attorney can ensure your claim is filed correctly, backed by strong evidence, and positioned to maximize your recovery.

7. Understand Exchange Liability

Binance.US, like most major crypto exchanges, disclaims responsibility for losses caused by hacks, phishing, or account takeovers. Unlike banks or traditional brokerages, crypto exchanges are not insured by the FDIC or SIPC — meaning there’s no government protection or automatic reimbursement if your funds are stolen or the platform fails.

This is why following Binance.US’s formal complaint and dispute process is essential. It preserves your legal rights and creates a clear record if the exchange failed to act reasonably or ignored security red flags. While recovery isn’t guaranteed, well-documented claims supported by law enforcement can significantly increase your leverage in negotiations or arbitration.

Contact Us

If your cryptocurrency was stolen from Binance.US due to an account takeover, SIM swap, or any other unauthorized breach, don’t wait to act.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, our firm has pursued claims against major cryptocurrency exchanges as well as leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are experienced in navigating proceedings before AAA, JAMS, and NAM, and understand the procedural and strategic nuances that can make or break a case. We also represent victims whose assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

Time is critical in crypto theft cases. Swift, strategic legal action can make the difference between recovery and permanent loss.

Reach out to us today to discuss your case and legal options: (212) 457-9797 | info@dilendorf.com.

Attorney Advertising. Prior results do not guarantee a similar outcome. This information is provided for educational purposes and is not legal advice.

If your Coinbase account has been hacked, the first step is mandatory. Under Section 7 of Coinbase’s User Agreement, you should begin by contacting Coinbase Support and opening a ticket. This generates a case number, which is essential for the Formal Complaint process.

If the matter is not resolved through Support, the next step is to file a Formal Complaint with Coinbase. Submitting a Formal Complaint starts Coinbase’s 45-business-day response period. Coinbase will acknowledge receipt of your complaint and issue a written resolution notice after review.

Once that resolution notice is sent—or once 45 business days have passed without a resolution—the Formal Complaint process is considered complete. At that point, you may pursue arbitration if necessary.

In short: Support first, Formal Complaint second. This sequence is mandatory for Coinbase clients and is the only way to preserve your right to escalate a dispute with Coinbase.

Step 1 — Notice Begins with Coinbase Support

The first step in giving notice is to contact Coinbase through its Support page. When you open a Support ticket, Coinbase assigns you a case number.

That case number is critical. It shows you gave proper notice and must be included in your Formal Complaint. Without it, your notice will be incomplete.

Step 2 — Notice Continues with the Formal Complaint

If the Support ticket does not resolve the matter, you must escalate by filing a Formal Complaint. This is still part of the required notice process. It tells Coinbase, in writing, that you are formally disputing the unauthorized activity and obligates them to respond.

Coinbase User Agreement, §7.2.1 Procedural Steps:
“In the event that the dispute is not resolved through your contact with Coinbase Support, you agree to use our complaint form to describe your dispute, how you would like us to resolve the complaint, and any other relevant information […]. The Formal Complaint Process is completed when Coinbase responds to your complaint or forty-five (45) business days after the date we receive your complaint, whichever occurs first.”

When you submit the complaint online, you will be asked to complete several required blocks, including:

• Personal data of the complainant — your name, contact details, and address.

• Personal details of the legal representative (if applicable) — if an attorney is filing on your behalf, Coinbase requires a power of attorney or official proof of representation.
• Information about the complaint — this is where you must reference your Support case number, describe the unauthorized access, include dates and transaction IDs (TXIDs), and state what resolution you are requesting.

Step 3 — Resolution Notice and 45-Business-Day Timeline

After you submit a Formal Complaint, Coinbase must acknowledge receipt and review it. A Coinbase support representative will then issue a resolution notice.

The complaint process is considered complete when either:

• Coinbase sends the resolution notice, or
• 45 business days pass from the date Coinbase received your complaint.

Only once this process is complete may you pursue arbitration or small claims.

Why Proper Notice Matters

The Coinbase User Agreement makes clear: you cannot skip Support, and you cannot skip the Formal Complaint. Notice is the foundation of your claim. If you fail to provide notice in the exact way required, any arbitration or small-claims action may be dismissed.

 “You must complete the Formal Complaint Process before filing any arbitration or small claims action. If you do not complete it, then you agree that your claim or action must be dismissed from arbitration or small claims court.” Coinbase User Agreement, §7.2.

Contact Us

At Dilendorf Law Firm, we focus on helping clients whose digital assets were stolen through hacked exchange accounts, SIM-swapping incidents, or compromised self-custody wallets such as MetaMask.

With over six years of experience and a record of handling more than 100 arbitration cases, we have pursued claims against Coinbase and other leading exchanges, as well as against major phone carriers like Verizon, T-Mobile, and AT&T. Our attorneys are well-versed in proceedings before AAA, JAMS, and NAM, the leading arbitration forums for crypto disputes.

We understand the urgency of these cases and guide clients step-by-step through Coinbase’s notice requirements—from the Support ticket and case number to the Formal Complaint and arbitration.

If your Coinbase account was hacked and your assets were stolen, contact us today to discuss your options for recovery: info@dilendorf.com | (212) 457-9797.

If your crypto was stolen from a U.S. exchange such as Coinbase, Uphold, Binance or Kraken, you might be wondering: What was the exchange supposed to do to protect me?

New York’s BitLicense rules are widely seen as the country’s gold standard for crypto consumer protection. Many large exchanges serve New Yorkers and therefore follow New York’s standards across their whole platform—no matter where you live.

Bottom line: Even if you’re not in New York, you can still point to these expectations when you talk to the exchange or prepare an arbitration claim.

Who This Applies To

The New York Department of Financial Services (NYDFS) says the guidance applies to “all virtual currency business entities that are either licensed under 23 NYCRR Part 200 or chartered as a limited purpose trust company under the New York Banking Law (the ‘VC Entities’).”

If an exchange operates in New York, it’s under this umbrella and is expected to meet these standards. In practice, large exchanges typically use the same controls nationwide, not a weaker version for non-NY customers.

What the Standard of Care Looks Like

1) Detect, Prevent, and Respond to Fraud

NYDFS: “VC Entities are required to implement measures designed to effectively detect, prevent, and respond to fraud, attempted fraud, and similar wrongdoing; and market manipulation is a form of wrongdoing about which VC Entities must be especially vigilant….”

What this means for you: Exchanges should have tools that spot risk early, block or hold suspicious activity, and move fast when something looks wrong (unusual logins, new devices, sudden withdrawals).

These protections should work on both the front end (login/withdrawal security) and the back end (monitoring, alerting, holds).

2) A Real, Written Anti-Fraud Program

NYDFS requires “effective implementation of a written policy that: identifies and assesses the full range of fraud-related and similar risk areas… provides effective procedures and controls… allocates responsibility for monitoring risks; and provides for periodic evaluation and revision….”

What this means for you: There should be a living playbook that covers real threats like phishing, SIM-swaps, device takeovers, and social engineering.

These security features should be paired with concrete protections such as phishing-resistant 2FA, device binding, cooldowns after password resets, withdrawal holds/allow-lists, and on-chain risk screening—with named owners responsible and regular updates as scams evolve.

3) Effective Investigation of Suspected or Actual Wrongdoing

NYDFS: “A VC Entity must provide for the effective investigation of fraud and other wrongdoing, whether suspected or actual….”

What this means for you: When you report theft, the exchange shouldn’t just send boilerplate emails.

It should pull login/IP/device logs, review risk flags, explain why withdrawals were allowed, and document what it did. You’re entitled to ask what steps they actually took.

4) Prompt Reporting to NYDFS and Ongoing Follow-Ups

NYDFS says:

• “Immediately upon the discovery of any wrongdoing, a VC Entity must submit to the Department a report stating all pertinent details….”
• “The Department expects … the first further report … within 48 hours after submission of the original report….”
• “A VC Entity must maintain … records of each incident….”
• “When submitting required reports… use: vcreports@dfs.ny.gov

5) Quick Tips for Victims

• Lock down your accounts immediately: Change passwords (email + exchange), switch to an authenticator app (not SMS), and revoke unknown devices/sessions.
• Call your carrier: Add/confirm a port-out/SIM-swap PIN; ask if there were recent SIM changes.
• Preserve evidence: Save TXIDs, wallet addresses, timestamps, screenshots, emails, chat logs, and create a simple timeline of events.
• File an IC3 report (ic3.gov): Keep the confirmation number with your case file.
• Be cautious with “recovery” offers: Avoid anyone guaranteeing results or demanding big upfront fees.

Conclusion

Arbitrating or litigating a crypto-theft claim is high-risk and difficult. Most exchanges require arbitration and embed terms that shift risk to users, limit remedies, and set strict procedures.

If your funds were stolen, speak with experienced counsel as early as possible to protect your rights and build a strong, fact-driven record.

About Max Dilendorf

Max Dilendorf  represents victims nationwide against Coinbase, Kraken, Binance, and Uphold, and SIM-swap victims against T-Mobile, AT&T, and Verizon whose self-custody wallets (e.g., MetaMask) were drained.

With 6+ years in this space, Max has arbitrated crypto disputes across AAA, JAMS, and NAM—handling demand drafting, 100+ crypto-related discovery disputes (motions to compel/protective orders, subpoenas, ESI, privilege), expert coordination, depositions, and taking cases through final evidentiary hearings.

When a Coinbase customer experiences losses after phishing, SIM-swap, or other credential compromise, several provisions in the U.S. Individual User Agreement may be relevant.

Below, we quote representative language and explain how these clauses can function in disputes.

This article is for informational purposes only and does not assert wrongdoing by any party.

This article addresses the current U.S. Individual User Agreement on Coinbase’s legal site and excerpts the precise sections Coinbase relies on in credential-theft disputes. Because Coinbase updates terms periodically, customers should always capture the agreement operative on the incident date and preserve a copy for the record.

Clause #1 — Risk of loss allocated to the customer

“Title to Supported Digital Assets shall at all times remain with you […] you shall bear all risk of loss.” (User Agreement §2.7.1, Ownership)

Because title remains with the user and the clause assigns risk of loss to the user, parties may argue that losses in an account are borne by the user absent an independent legal basis shifting or sharing that risk.

Clause #2 — Transactions using your credentials are presumed authorized

“When a […] transaction occurs using your credentials, we will assume that you authorized such transaction.” (Section 3.6)

“Reporting an unauthorized transaction does not guarantee Coinbase will be able to reverse the transaction or reimburse you for the transaction.” (Section 3.6)

In scenarios such as SIM-swap, spoofed-site, malware, or remote-access attacks, transfers signed with a user’s factors may be treated as authorized for platform purposes, and the agreement does not promise reversal or reimbursement upon later notice.

Clause #3 — No responsibility for losses from compromised credentials

“Coinbase will never […] ask you […] for your passwords, 2-factor codes, or to screen share […] Coinbase is not liable for any loss […] due to the compromise of your account login credentials.” (Section 6.7)

This clause frames losses arising from compromised login credentials (e.g., fake support calls, screen-share scams, SIM-swap, credential-stuffing) as user-side risk not attributed to Coinbase’s systems, complementing the presumption in §3.6.

Clause #4 — “AS IS” / no warranties & liability limits

“THE COINBASE SERVICES ARE PROVIDED ON AN ‘AS IS’ AND ‘AS AVAILABLE’ BASIS […].” (Section 8.2)

The agreement also includes disclaimers relating to service issues (e.g., “viruses,” “glitches, bugs, errors”) and limits certain categories of damages, subject to applicable law.

Potential effect in disputes. Even where a feature lagged or behaved unexpectedly, the no-warranty language and damages limitations may narrow contract-based recovery, subject to statutory carve-outs and jurisdiction-specific rules.

Reading the provisions together

One way to analyze these provisions is:

1. Allocation: title with the user → user bears risk (Section 2.7.1)
2. Authorization: activity with user credentials presumed authorized; notice alone doesn’t assure reversal (Section 3.6)
3. No-fault framing: credential compromise treated as external to Coinbase (Section 6.7)
4. Contract shields: “AS IS” / damages limits (Section 8.2)

Actual outcomes turn on the facts, applicable statutes, and governing law.

Case Study

Courts have addressed the enforceability of user-agreement clauses in cryptocurrency or digital-asset platforms, particularly those that allocate the risk of loss to users or include “AS IS”, no-warranty, or limitation-of-liability terms.

These cases often hinge on the interpretation of the user agreements, the presence of integration clauses, and the extent to which users are deemed to have accepted the terms.

Courts have also considered whether platforms have a legal duty beyond the terms explicitly agreed upon, especially in situations involving risks such as account compromise or loss of assets.

• In Archer v. Coinbase, Inc., 53 Cal. App. 5th 266, the court held that the cryptocurrency exchange platform was not liable for an investor’s breach of contract claim because the user agreement did not require the platform to support or provide services for a particular cryptocurrency. The agreement’s integration clause barred the use of parol evidence to impose additional obligations, and the platform had no legal duty beyond the agreed terms.

“When the parties to a written contract have agreed to it as an integration—a complete and final embodiment of the terms of an agreement—parol evidence cannot be used to add to or vary its terms.”

The court also rejected claims of conversion and negligence, emphasizing that the platform took no affirmative action to deprive the investor of the currency and had no duty to provide services beyond those agreed upon.

• In SEC v. Coinbase, Inc., 726 F. Supp. 3d 260, the court examined the risks associated with Coinbase’s staking program, noting that while users retained ownership of their crypto-assets, the assets were at risk of loss through mechanisms such as “slashing.” The user agreement limited Coinbase’s indemnification obligations, excluding losses caused by third parties, force majeure events, or other factors outside Coinbase’s control. The court highlighted that the risk of loss existed despite the absence of actual losses, and the agreement’s terms clearly allocated certain risks to the users.

“[…] once a customer’s crypto-assets are […] staked to the underlying blockchain protocol, those assets are at risk of being ‘slashed.’”

• In In re Celsius Network LLC, 649 B.R. 87, the court found that customers only had contract claims under the Terms of Use against the debtor, Celsius Network LLC, and not its affiliates.

“[…] the parties to the terms of use intended that only LLC, and not any other Debtor or non-Debtor affiliates, are liable to Customers on contract claims under the terms of use.”

The court emphasized that the Terms of Use, which customers were required to accept to access the platform, allowed the debtor to unilaterally update the terms. The updated terms defined “Celsius” to include the debtor and its affiliates, but the court determined that liability was limited to the debtor based on the terms and extrinsic evidence. The case underscores the enforceability of user agreements in defining the scope of liability and the allocation of risk.

FAQs (client-facing)

“I reported within hours—why wasn’t I reimbursed?”

Section 3.6 presumes transactions using your credentials were authorized and does not guarantee reversal or reimbursement upon notice. Whether remedies exist depends on the facts and applicable law beyond the contract.

“What if my carrier performed a SIM-swap?”

Section 6.7 states Coinbase is not liable for losses due to compromised login credentials. Any claims against other parties (e.g., a carrier) may involve different facts, evidence, and legal theories.

“What does ‘AS IS’ mean for my case?”

“No-warranty” language can narrow contract-based claims, though statutory protections (and any required carve-outs) may still apply. Outcomes turn on jurisdiction and facts.

Conclusion

The contract provisions discussed above don’t decide a case on their own—but they do set the lens. Read together, they can (i) place certain risks on the account holder, (ii) presume authorization for activity conducted with stored credentials or factors, and (iii) narrow warranty- and damages-based relief.

What actually matters is the record you build and the law that applies to it.

Contact Us

Even in difficult, credential-compromise scenarios, there are paths to evaluate and pursue.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, we have  pursued claims against major cryptocurrency exchanges—including Coinbase, and leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are skilled in navigating proceedings before all major arbitration forums, including AAA, JAMS, and NAM.

We also represent victims whose digital assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

If you have suffered losses due to a SIM swapping incident or other cyber fraud, contact Dilendorf Law Firm at info@dilendorf.com to discuss your case and options for recovery.

After a January 2018 SIM-swap, crypto investor Michael Terpin alleged roughly $24 million in losses and sued AT&T, arguing the carrier violated the Federal Communications Act (FCA) by permitting access to his protected customer information—customer proprietary network information (CPNI)—without proper authentication.

In 2024, the Ninth Circuit revived that FCA theory and sent the case back to the Central District of California.

On July 16, 2025, the district court partly denied AT&T’s summary-judgment motion on the FCA claim and set the case on a path toward trial, making this one of the most watched SIM-swap matters in the country.

What happened: the SIM-swap and theft

According to the record, teenager Ellis Pinsky paid Jahmil Smith, an employee at an AT&T authorized retailer, to bypass safeguards and swap Terpin’s number to a device the attackers controlled.

They then sent password-reset codes to the hijacked number, accessed Terpin’s Microsoft OneDrive, and found a .txt file in the OneDrive trash containing wallet credentials—leading to the alleged $24M loss.

As Terpin’s filing puts it, “Pinsky … bribed [Jahmil] Smith … to bypass security measures and swap Terpin’s SIM,” then used SMS resets to enter his accounts.

AT&T’s appellate brief emphasizes user-side practices: Terpin copied credentials into a separate document that synced to OneDrive; he admitted that if he hadn’t done so “he wouldn’t have suffered any crypto loss.”

Claims and legal theories

• Claims pleaded. Terpin’s operative complaint asserted fraud, negligence, contract claims, and unauthorized disclosure under the FCA (47 U.S.C. §§ 206, 222). He sought ~$24M plus punitive damages.
• Appellant’s framing. Wireless carriers control SIM swaps and must protect CPNI; a swap without proper authentication permits access to protected information and foreseeably enables downstream account takeovers.
• Defense & industry perspective. AT&T (and CTIA as amicus) argue a SIM-swap by itself does not disclose § 222-protected information and that the loss stemmed from intervening steps across third-party platforms (email, Microsoft, wallet providers). CTIA also warns that expanding § 222 could risk turning carriers into de facto insurers for cross-platform cybercrime.

Procedural history & timeline

August 15, 2018 — Filing (C.D. Cal., Los Angeles; No. 2:18-cv-06975-ODW-KS).
Terpin sues AT&T after a January 2018 SIM-swap. He alleges approximately $24 million in losses and brings fraud, negligence, contract, and FCA § 222 (CPNI) claims.

2017–2018 factual backdrop. Attackers allegedly bribed an AT&T authorized-retailer employee to perform an unauthorized SIM-swap, then used SMS password resets to access Terpin’s Microsoft OneDrive, where a .txt file in the trash contained wallet credentials—enabling the crypto theft.

September 8, 2020 — Pleadings trimmed (district court). Fraud claims and punitive-damages requests dismissed with prejudice.

March 30, 2023 — Summary judgment (district court). The court grants summary judgment to AT&T on the remaining claims, including the FCA theory. Terpin appeals.

September 30, 2024 — Ninth Circuit (No. 23-55375). Affirmed in part, reversed in part, and remanded. The panel revives only the FCA § 222 claim and instructs the district court to address proximate cause on remand.

July 16, 2025 — Order on remand (district court). On a renewed summary-judgment motion, the court grants in part / denies in part:

• A jury could find AT&T failed to take reasonable measures and properly authenticate before allowing access to CPNI during the fraudulent SIM-swap (citing 47 C.F.R. § 64.2010(a) and Global Crossing).
• AT&T prevails to the extent Terpin’s § 222 theory rests solely on the authorized-retailer employee’s (Smith’s) unauthorized acts.

What Section 222/CPNI means here

Section 222 and the FCC’s CPNI rules require carriers to safeguard customer proprietary network information and authenticate before disclosure.

On remand, the district court tied Terpin’s revived claim to these authentication and “reasonable measures” duties.

Terpin’s briefing also argues the ubiquity of SMS-based resets makes SIM-swap disclosures foreseeably harmful when a carrier permits access to a number without proper checks.

What’s next

Only one claim remains: FCA § 222 based on AT&T’s own conduct during the January 2018 swap. The court has referred the parties to a settlement conference on December 8, 2025 and set a jury trial for March 3, 2026, with pretrial on February 23, 2026.

Why this case matters beyond the parties

• SIM-swap accountability: The ruling signals that failing to authenticate before a SIM change can expose carriers to FCA liability when it “permits access” to protected information.
• Causation in cyber-heists: The Ninth Circuit’s partial revival leaves proximate cause to be hashed out on a trial record—important for future cases where telecom events trigger multi-platform compromises.
• Industry lens: CTIA warns that expansive § 222 theories could make carriers de facto insurers against downstream fraud across other services.

Contact Us

At Dilendorf Law Firm, we represent clients who have been targeted by SIM-swap attacks and other forms of cyber fraud.

With over six years of experience and a record of handling more than 100 consumer arbitration cases, we have successfully pursued claims against both major cryptocurrency exchanges—including Coinbase, Gemini—and leading phone carriers such as Verizon, T-Mobile, and AT&T.

Our attorneys are skilled in navigating proceedings before all major arbitration forums, including AAA, JAMS, and NAM.

We also represent victims whose digital assets were stolen not only from regulated exchanges but also from self-custody wallets like MetaMask and other decentralized platforms.

In high-stakes cases, we advise and coordinate with U.S. law enforcement and investigative agencies—including the FBI, Department of Homeland Security (DHS), and the Secret Service—as part of broader recovery strategies and criminal investigations into cybercrime.

If you have suffered losses due to a SIM swapping incident or other cyber fraud, contact us to discuss your case and options for recovery.

Email: info@dilendorf.com | Phone: 212.457.9797

Disclaimer: This summary is based on public records and does not constitute legal advice. Dilendorf Law Firm is not counsel of record for Michael Terpin, and his case is in no way affiliated with our firm.