Wednesday, August 6, 2025
This man used a Coinbase-like URL — Now he’s facing a major lawsuit

Why did Coinbase sue a German man over “coinbase.de?”

Coinbase, one of the world’s most prominent cryptocurrency exchanges, has sued Tobias Honscha, a German national, in a US federal court, accusing him of misusing the domain name “coinbase.de.” 

The company alleges that Honscha engaged in cybersquatting, violated affiliate program rules and posed significant phishing risks by operating email services from the domain.

The growing threat of domain impersonation

Domain impersonation is a tactic where attackers register websites that look nearly identical to official company domains. They often use minor spelling changes, different domain endings (like “.de” instead of “.com”) or additional hyphens to trick users into thinking they are visiting a legitimate site.

These fake domains are commonly used to:

  • Harvest login credentials via cloned login pages
  • Send phishing emails that look like official company communications
  • Distribute malware under the guise of legitimate apps or security updates
  • Damage brand trust by scamming users who believe they are interacting with the official company.

In cryptocurrency, where transactions are irreversible and often anonymous, domain impersonation is particularly dangerous. A single successful phishing attempt can result in permanent financial loss for victims.

Why this matters for Coinbase and its users

Crypto exchanges handle billions in daily transactions, and their brand reputation depends on trust and security. If users mistakenly visit an unofficial domain like “coinbase.de,” they may unknowingly:

  • Share sensitive credentials or identification documents
  • Authorize fraudulent transactions
  • Fall victim to malware designed to steal private keys or compromise wallets.

For Coinbase, losing control of “coinbase.de” posed both financial risk (from potential phishing losses) and reputational risk (as users might associate any scam with Coinbase itself).

The case highlights how critical digital brand protection has become for cryptocurrency companies and why domain impersonation continues to be one of the most persistent and damaging cyber threats in the crypto industry.

Does “coinbase.de” exist, and is it operated by Coinbase?

Yes, “coinbase.de” is a real domain name, but it is not owned or operated by Coinbase, the US-based cryptocurrency exchange. According to the lawsuit, the domain was registered and controlled by a German individual named Tobias Honscha.

Initially, the site allegedly redirected visitors to Coinbase’s own platform using an affiliate link, generating commissions for Honscha while giving users the impression it was an official Coinbase domain. After Coinbase ordered him to stop this activity, the domain reportedly began redirecting users to an unrelated platform for trading physical coins.

The lawsuit also claims that an email service linked to “@coinbase.de” was operational, which poses a major risk. People receiving emails from that domain could easily mistake them for official Coinbase communications, potentially leading to phishing attacks.

So, while “coinbase.de” exists, it is not a legitimate Coinbase website and should not be trusted for cryptocurrency transactions or account access. Coinbase’s official German-facing services operate from its main domain, coinbase.com, which supports localized experiences without using third-party domains.

Coinbase’s allegations against Honscha

Coinbase alleges that Honscha violated its affiliate program by funneling traffic from the “coinbase.de” domain through affiliate links, misled users, operated “@coinbase.de” email accounts that could be used for phishing, and implied that Coinbase should buy the domain to avoid such threats.

Affiliate program violation

Coinbase runs an affiliate program that pays commissions for user sign‑ups. Honscha allegedly used the “coinbase.de” domain to funnel traffic through affiliate links, giving users the impression that they were signing up through Coinbase itself.

The company states that its affiliate agreement prohibits:

  • Using the word “Coinbase” or variations in domain names
  • Masquerading as an official Coinbase entity.

Email and phishing risks

After Coinbase demanded Honscha remove affiliate links, the domain allegedly redirected users to a platform for trading physical coins. More concerning, Coinbase claims Honscha operated email accounts ending in “@coinbase.de.”

This could mislead users and enable phishing attacks involving fake ID verification requests, password resets and two-factor authentication (2FA) code theft.

Alleged coercion

Court filings say Honscha implied that Coinbase should purchase the domain to avoid phishing threats, which Coinbase describes as an attempt to pressure or “hold the company hostage.”

Did you know? In 2019, fake “MyEtherWallet” domains stole over $150,000 in Ether (ETH) in just two hours using typosquatting techniques. These attacks remain one of the fastest forms of crypto phishing scams.

What is cybersquatting?

Cybersquatting is the act of registering, trafficking or using a domain name that is identical or confusingly similar to an established trademark, with the intent to profit from it.

Typical motives include:

  • Selling the domain back to the trademark holder for an inflated price
  • Using the domain to mislead customers and drive affiliate or ad revenue
  • Running phishing campaigns by exploiting user trust in a well-known brand.

Types of cybersquatting

Anti-Cybersquatting Consumer Protection Act (ACPA)

In the US, the ACPA protects trademark owners against bad‑faith domain registrations. It allows for:

  • Court‑ordered transfer of domains to rightful owners
  • Statutory damages ranging from $1,000 to $100,000 per infringing domain.

Why cybersquatting is worse in crypto

In crypto, cybersquatting is particularly dangerous because:

  • Users often trust websites based solely on recognizable names.
  • Phishing attacks through fake exchange domains can directly lead to theft of funds and private keys.
  • Global operations mean localized domain extensions (like “.de” for Germany) are frequently overlooked by companies but exploited by attackers.

Did you know? In 2001, Panavision sued a cybersquatter who registered “panavision.com” and offered to sell it back for $13,000. The case became one of the earliest ACPA victories, establishing how companies could reclaim misused domains.

Crypto risks for users and how to stay safe

The “coinbase.de” incident highlights how dangerous look‑alike domains can be for cryptocurrency users. Attackers often mimic official exchange websites to mislead users and steal sensitive information.

Key risks crypto users should be aware of

  • Phishing attacks: Fake domains and email addresses (e.g., “support@coinbase.de”) can trick users into sharing login credentials, ID documents or 2FA codes.
  • Credential theft: Scammers capture usernames and passwords through fake login pages, allowing unauthorized access to crypto wallets or exchange accounts.
  • Permanent loss of funds: Cryptocurrency transactions are irreversible. If you send funds to a fraudulent wallet address, recovery is almost impossible.
  • Email spoofing and identity fraud: Emails sent from a fake Coinbase-like domain can appear legitimate, damaging trust and leading to more sophisticated scams.
  • Malware risk: Fake domains sometimes host malware disguised as crypto apps or security tools, infecting devices and stealing sensitive data.

How users can stay safe

  • Verify website URLs: Coinbase’s official website is “coinbase.com.” Avoid using domains with extra letters, hyphens or country-specific endings like “.de” unless officially confirmed.
  • Bookmark official websites: Always access your exchange through trusted bookmarks rather than clicking on links in ads or messages.
  • Enable strong security: Use 2FA, preferably via hardware keys instead of SMS.
  • Check for HTTPS and security certificates: Legitimate crypto exchange sites use encrypted connections (look for “https://” and a padlock icon).
  • Ignore suspicious emails: Do not click links or download attachments from unknown senders claiming to be from Coinbase.
  • Download only official apps: Use verified app stores like Google Play or the Apple App Store; avoid third-party download links.
  • Stay updated on scams: Follow official Coinbase security updates and crypto industry news to stay informed about common phishing and fraud tactics.
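
The look-alike patterns described earlier (minor spelling changes, different domain endings, added hyphens) and the “Verify website URLs” advice can be checked mechanically. The following Python is an added example, not code from Coinbase or from this article's source; the function names, the category labels, the edit-distance threshold of 2 and the rule that the last two labels form the registrable domain are assumptions, and every sample host other than “coinbase.com” and “coinbase.de” is constructed.

```python
from urllib.parse import urlsplit

OFFICIAL = "coinbase.com"  # official domain as stated in the article


def host_of(value: str) -> str:
    """Return the lowercase hostname of a URL, an email address or a bare host."""
    value = value.strip().lower()
    if "://" not in value:
        if "@" in value:                      # email address: keep the domain part
            value = value.rsplit("@", 1)[1]
        value = "//" + value                  # let urlsplit parse it as a netloc
    return (urlsplit(value).hostname or "").rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str, official: str = OFFICIAL) -> str:
    """Label a URL, sender address or host relative to the official domain."""
    host = host_of(value)
    brand = official.split(".")[0]
    labels = host.split(".")
    # Assumption: registrable domain = last two labels. Real tooling should
    # consult the Public Suffix List to handle suffixes such as co.uk.
    name, suffix = (labels[-2], labels[-1]) if len(labels) >= 2 else (host, "")
    if f"{name}.{suffix}" == official:
        return "official"
    if name == brand:
        return "tld-swap"            # e.g. coinbase.de
    if name.replace("-", "") == brand or brand in name.split("-"):
        return "hyphenated"          # constructed: coin-base.example
    if edit_distance(name, brand) <= 2:
        return "typo"                # constructed: coinbsae.example
    if brand in labels[:-2]:
        return "brand-in-subdomain"  # constructed: coinbase.login.example
    return "unrelated"
```

Anything other than `official` for a message or link that claims to come from the exchange is a reason to stop and use a bookmark instead.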
