- Scammers posing as Coinbase representatives have recently deceived multiple users, resulting in the theft of $1.7 million from one victim.
- These incidents highlight a surge in sophisticated phishing attacks targeting crypto users.
A Growing Threat: The Latest Scams Targeting Crypto Users
In a concerning wave of scams, at least three Coinbase users and one crypto user have reported being deceived by scammers impersonating Coinbase representatives over the past week. One victim revealed a staggering loss of $1.7 million after being tricked into sharing part of their seed phrase.
Edge & Node co-founder Tegan Kline took to social media on July 7 to recount an incident involving a friend whose self-custody wallet was drained of $1.7 million. The scammer, posing as a member of Coinbase’s security team, called the victim and sent an email that seemed to verify the authenticity of their claim.
The fraudster falsely asserted that the victim’s wallet was “connecting directly with the blockchain,” prompting unauthorized transactions. To seemingly resolve the issue, the scammer sent another email showing an outgoing transaction, again appearing to come from Coinbase.
The victim was then directed to a fraudulent website to enter their seed phrase to stop the transactions. Despite knowing it was unsafe, they entered part of their seed phrase without submitting it. This partial reveal was enough for the scammer to brute force the rest, leading to the theft.
Hiro Systems CEO Alex Miller explained that such websites capture data as it is entered, even without submission. He also shared his own experience of being targeted by a similar scam. Miller suspects that his information might have been compromised in a 2022 data leak from CoinTracker’s email service provider. He advised users to regularly update their API keys if they have been using CoinTracker.
Another user, TraderPaul04, detailed on July 3 an attempt by a scammer posing as a Coinbase representative. The scammer claimed there had been a login attempt from a different city and provided a fake password reset link to capture the victim’s account details. TraderPaul’s suspicion led them to directly contact Coinbase customer service, causing the scammer to hang up.
On July 7, yet another user, beanx, reported a similar scam call from a fake Coinbase rep claiming someone attempted to log into their account.
Cointelegraph reached out to Coinbase for comment but has yet to receive a response. This spate of attacks is part of a broader trend, with around $1.19 billion lost to crypto security incidents in the first half of 2024 alone. Over $900 million of this amount was stolen through phishing and seed phrase compromise attacks.
As these incidents highlight, it is crucial for crypto users to remain vigilant and cautious, especially when receiving unsolicited communications regarding their accounts. Always verify the legitimacy of such communications directly with the official sources before taking any action.