At least three Coinbase customers and one crypto user have claimed the last week being targeted by Coinbase-impersonating fraudsters; one victim claims to have been swindled out of $1.7 million.
Details of Scams and Victim Accounts
Edge & Node co-founder Tegan Kline posted on X on July 7 an account from a “good friend” whose self-custody wallet had $1.7 million emptied. The con artist got them to divulge a portion of their seed phrase. Verifying the victim was “speaking to an official representative at Coinbase” the victim stated the fraudster phoned saying they were from Coinbase’s security team and emailed the victim seeming to be from Coinbase.
The con artist claimed transactions from the victim’s wallet were “connecting directly with the blockchain,” The con artist then sent another email seeming to be from Coinbase with an outgoing purchase. Though the victim understood this was “not safe,” the fraudster sent her to a webpage to input their seed phrase to halt the transactions. She submitted “a portion” of their phrase anyhow without reporting it. Their wallet was empty $1.7 million hours later.
Hiro Systems CEO Alex Miller pointed out that even without submitting, such websites “are capturing data as you enter it,” and the victim’s partial disclosure of their seed phrase was probably sufficient for “the bad guys [to] brute force the rest.” Miller said he had recently received calls from a con artist posing as a Coinbase agent utilizing a related fraud.
Other Alleged Cases
X user “TraderPaul04” on July 3 posted last week a “pretty sophisticated” social engineering effort by a phoney Coinbase agent phoning saying there was a login attempt on their account from another location. Trader Paul stated the American man purporting to be a Coinbase employee validated their email and temporarily froze their Coinbase account, forwarding a phoney password reset link. Un persuaded, Trader Paul persisted on phoning Coinbase customer support directly, which resulted in the con artist hanging up.
Likewise, X user “beanx” on July 7 wrote of a fraudulent call from a phoney Coinbase agent alleging “someone attempted to login to my Coinbase.”
Consequences and Recommendation
Phishing and seed phrase compromise attempts took about $900 million of the approximately $1.19 billion lost to crypto security events in the first half of 2024. If consumers had been using CoinTracker, Hiro Systems CEO Alex Miller encouraged them to cycle their API keys since fraudsters might be utilizing the Coinbase API key to validate user information.
You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.