BEWARE IMPERSONATION SCAMS! Be sure that you are interacting with us. We e-mail exclusively from the domain @dilendorf.com

Stolen Phone, Drained Crypto: When Exchanges Are Liable

February 18, 2026  |   By: Max Dilendorf, Esq.
Max Dilendorf, Esq.
Max Dilendorf, Esq.

212.457.9797  |  md@dilendorf.com

When a victim’s phone is stolen and cryptocurrency is drained from an exchange account, exchanges and telecommunications carriers often argue that the loss was caused solely by third-party criminals.

Dilendorf Law Firm represents victims whose phones were stolen and thieves initiated unauthorized activity from the victims’ cryptocurrency exchange accounts.

The firm handles disputes involving account takeovers, SIM-swap attacks, and rapid unauthorized withdrawals.

Courts do not automatically accept the “third-party criminal” defense.

Courts examine if an exchange’s own security systems, authentication controls, monitoring procedures, or response measures contributed to the loss.

These cases are highly fact-intensive and high risk. Most exchanges require arbitration.

They assert broad contractual defenses.

Duty to Implement Adequate Security Measures

In Yuille v Uphold HQ Inc., 686 F Supp 3d 323, 335-336 (S.D.N.Y. 2023), the court summarized allegations that the exchange failed to safeguard customer accounts. The complaint alleged that Uphold failed to provide adequate security by:

failing to provide reasonable and appropriate security to prevent unauthorized access to its customer’s account … misrepresenting ‘the safety and security of’ its accounts … failing ‘to adequately safeguard and protect’ the accounts; [and] failing ‘to use readily available security measures to prevent or limit unauthorized access to customer accounts and to prevent unauthorized transactions from occurring on those accounts.’”

The case reflects that exchanges may face liability where internal controls are insufficient to prevent foreseeable unauthorized access.

In Rider v Uphold HQ Inc., 657 F Supp 3d 491, 496 (S.D.N.Y. 2023), the plaintiffs challenged the exchange’s authentication architecture.

The court described allegations that Uphold’s implementation of two-factor authentication allowed unauthorized users to access accounts without the original device, thereby compromising account security.

In a stolen-phone case, these allegations are critical.

If authentication can be bypassed without meaningful device verification, biometric confirmation, or withdrawal delays, plaintiffs could argue that the exchange’s security design contributed to the loss.

Negligence and Weakened Safeguards

In Yuille, the court also described allegations that user-experience changes weakened security protections.

The complaint alleged that measures adopted to improve customer service:

weakened its account security by reducing the situations in which Uphold would restrict [unauthorized] account access.

Negligence claims often focus on operational failures.

These may include failing to suspend credentials after repeated failed login attempts, failing to delay withdrawals after password resets, or failing to flag large transfers to newly added wallets.

If safeguards are relaxed for convenience, plaintiffs may argue that reasonable care was not exercised.

Misrepresentation of Security Standards

Exchanges frequently advertise strong protections. In Pillar Project AG v Payward Ventures, Inc., 64 Cal App 5th 671, 674, 279 Cal Rptr 3d 117, 121 (2021), the court described allegations that the exchange:

…falsely advertised that it provided the best security in the business.

and that those measures were

“...failed to use standard security measures on its exchange which would have prevented the theft.

If an exchange promotes “bank-level security” or “advanced fraud monitoring,” yet fails to stop rapid unauthorized withdrawals after a phone theft or SIM-swap attack, those statements may support misrepresentation claims.

Role of Telecommunications Carriers

Stolen-phone and SIM-swap cases often involve telecommunications carriers.

Major carriers such as Verizon, AT&T, and T-Mobile may be implicated where unauthorized SIM swaps or account changes enabled access to exchange accounts.

If a carrier transfers a number without proper identity verification, disables PIN protections, or fails to detect suspicious account activity, plaintiffs may assert negligence or statutory claims against the carrier.

Liability analysis often requires examining both the exchange’s authentication systems and the carrier’s account-security procedures.

Arbitration and High-Risk Litigation

These cases are high risk. Major exchanges, including Coinbase, Binance, Gemini, and Uphold, require arbitration.

They assert assumption-of-risk defenses and argue that possession of login credentials constitutes authorization.

They also argue that third-party criminal acts break the chain of causation.

Carriers raise contractual limitations and federal preemption defenses. Success depends on forensic evidence.

This includes IP logs, device fingerprints, authentication records, internal security policies, SIM-swap documentation, and timing of notice.

Dilendorf Law Firm’s Experience

Dilendorf Law Firm represents victims in stolen-phone and SIM-swap cases involving unauthorized cryptocurrency transfers.

The firm represents clients in disputes against Coinbase, Binance, Gemini, Uphold, and other exchanges.

The firm also represents clients in cases against Verizon, AT&T, T-Mobile, and other telecommunications carriers.

To date, the firm has arbitrated more than 130 cases against crypto exchanges and phone carriers.

These matters involve complex arbitration clauses, evolving regulatory standards, and sophisticated technical evidence.

Stolen-phone cryptocurrency disputes are not routine consumer claims.

They are high-risk, high-stakes proceedings that require experienced arbitration counsel and detailed forensic investigation.

Conclusion

Cases such as Yuille, Rider, Pillar Project, and Widjaja show that exchanges and financial institutions are not automatically insulated from responsibility when unauthorized transfers follow a phone theft.

Plaintiffs may establish liability by demonstrating inadequate safeguards, weakened controls, misleading security representations, or failure to act promptly after notice. Carrier conduct may also be central to the analysis.

At the same time, these cases are complex, arbitration-driven, and high risk.

Careful evaluation of contracts, regulatory obligations, and technical evidence is essential before proceeding.

Contact Us

If your phone was stolen and thieves transferred cryptocurrency or funds out of your exchange account without your authorization, contact Max Dilendorf at Dilendorf Law Firm.

Email: max@dilendorf.com
Phone: 212.457.9797

Early action is critical in stolen-phone and unauthorized crypto transfer cases. Prompt investigation can help preserve evidence and assess potential claims against exchanges and telecommunications carriers.

This article is provided for your convenience and does not constitute legal advice. The information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

Other Blog Posts

ALL ARTICLES
Sent Crypto on the Wrong Network to an Exchange?
SIM Swap Lawyer Explains Crypto Theft in 2026
Coinbase Account Theft in 2026: Legal Steps to Take
Coinbase User Agreement Update: Why It Matters After a Hack
Sprint Corp. v. FCC (2025): Carrier Liability for SIM Swaps
SIM Swap Attorney on Verizon v. FCC & Crypto Losses (2026)
Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.