What happens when a court doesn't care that you don't hold the keys?
The Coinbase Brazil court ruling from the São Paulo State Court has just answered that question — in a way that could shake every wallet provider operating in Latin America and beyond. The decision ordered Coinbase to return R$507,000 — approximately $99,000 at the Banco Central do Brasil rate of R$5.11 per US dollar — to a user whose Wallet saw funds transferred out without authorization. The company argued it doesn't hold private keys and can't control transactions. The court rejected that defense entirely.
Source: X(formerly Twitter)
This isn't just a refund case. It's a precedent.
The Coinbase Brazil court ruling didn't find that Coinbase stole the money. It didn't find that the exchange was negligent in an obvious way. It found something more legally consequential: Coinbase failed to prove it wasn't responsible.
That distinction matters enormously. Wallet is a non-custodial product — the private keys are held by the user, not the company. The provider has no ability to authorize or block transactions on a wallet it doesn't control. That's been the bedrock defense of self-custody wallet providers globally since the category emerged: if you don't hold the keys, you don't hold the liability.
The São Paulo State judgement disagreed — not because Coinbase's technical argument was wrong, but because Brazil's consumer protection law operates under a different standard than most crypto companies expect.
Under Brazil's Código de Defesa do Consumidor — the Consumer Protection Code — the burden of proof in consumer disputes doesn't sit with the customer. It sits with the company providing the service. When a user claims unauthorized activity, the business must prove the transaction was authorized and demonstrate that adequate security measures existed. The company was unable to do either.
Brazilian cryptocurrency attorney Raphael Souza described the impact directly: the decision dismantles two core industry defenses simultaneously — that self-custody wallets generate no liability for the software provider, and that submitting technical documentation to court without explaining it constitutes an adequate defense.
The Coinbase Brazil court reveals a structural gap between how crypto companies think about liability and how Brazilian consumer law assigns it.
In most jurisdictions where crypto operates, liability tracks control. If you don't control the wallet, you don't bear responsibility for what happens inside it. That logic flows directly from the technical architecture of non-custodial products and has generally held up in US legal proceedings involving self-custody losses.
Brazil's consumer law inverts that logic. The question isn't whether Coinbase controlled the wallet. The question is whether Coinbase — as the provider of a service to a Brazilian consumer — can prove the consumer's claim is wrong. When Coinbase provided a wallet application, downloaded and used by a Brazilian resident, the Consumer Protection Code applied to that relationship. The mechanism of the fund loss was never definitively established in the judgement. The decision didn't need it to be.
Three things the panel specifically found the company failed to demonstrate:
That the transaction was initiated by the user
That adequate security measures existed within the wallet product
That the fund flow could be adequately explained given those security measures
The ruling covers statutory interest on top of the R$507,000 principal — meaning the total obligation is higher than the base refund figure.
This is not an isolated ruling from a minor consumer tribunal. The TJSP — Tribunal de Justiça do Estado de São Paulo — is the São Paulo State Court of Justice, one of the highest and most influential state courts in Brazil. Its decisions carry significant weight in shaping how lower courts and regulatory bodies approach similar cases across the country.
The Coinbase Brazil court ruling arrives at a specific moment for the broader self-custody industry.
Brazil has approximately 10 million crypto investors and is among the top five countries globally in crypto activity. Any legal framework that rewrites how wallet liability works in that market affects a significant base of active users and the companies serving them. Brazil's crypto regulatory framework — enacted in 2022 and expanded in 2023 — already applied consumer protection law broadly to digital asset service providers. This decision extends that application into non-custodial software in a way the industry had not previously faced.
Every wallet provider offering its product to Brazilian consumers should now be evaluating three specific questions: Can it demonstrate that adequate security measures exist within its product? Can it explain the transaction flow when challenged in tribunal? And is its current consumer disclosure framework sufficient under Brazilian consumer law standards?
The implications extend beyond Brazil. Legal systems across Latin America, and increasingly in parts of Asia, draw from similar consumer protection frameworks that shift evidentiary burdens toward businesses rather than consumers. A ruling at this level could inform similar cases in Colombia, Mexico, Argentina, and elsewhere — especially as crypto adoption continues to outpace regulatory clarity in those jurisdictions.
The company has not publicly commented on the ruling as of the time of this article. Based on public legal reporting and assumption basis only — no guaranteed outcomes are provided — the company may pursue appeal options available within Brazil's judicial system. All projections regarding the ruling's broader precedent-setting impact are speculative at this stage.
The Coinbase Brazil court ruling is the most consequential self-custody liability decision of 2026. A court applied consumer protection law to a non-custodial wallet, put the burden of proof on the company instead of the user, and ordered a $99,000 refund for funds the company never controlled. Every wallet developer operating in Brazil — and watching from Latin America — just got a clear signal: consumer law doesn't care about your key architecture. It cares whether you can prove you protected your users.
This article is for informational and educational purposes only. It does not constitute legal, financial, or investment advice. All details regarding the ruling are based on publicly available legal reporting as of July 13, 2026. The ruling summary reflects the court's publicly reported findings. The exchange has not commented publicly on this ruling as of publication. Any potential appeal, regulatory response, or broader legal precedent remains speculative. Always consult a licensed legal adviser for guidance on crypto-related legal matters.