Scammers drain $1.7m claiming to be Coinbase employees

As a researcher with personal experience in the cryptocurrency space, I cannot stress enough how important it is to remain vigilant against scams and phishing attempts. The recent incident of Coinbase impersonation scams that resulted in millions of dollars worth of assets being stolen from unsuspecting users is a stark reminder of this.


As a financial analyst, I’ve recently come across a deceitful scheme where criminals posed as Coinbase employees to swindle unsuspecting users out of large sums of cryptocurrencies.

Tegan Kline, the co-founder of Edge & Node, issued a cautionary note after a friend of hers suffered a significant loss. To the tune of $1.7 million, the unfortunate individual fell prey to a scam, unwittingly revealing their private key.

Scammers deceitfully reached out to their victim through a phone call, posing as representatives from the cryptocurrency platform Coinbase.

After a short time, an email arrived in their inbox, appearing to come from the security department of Coinbase. In this message, the impostors introduced themselves as “David Brown” and claimed they were representing an official Coinbase team member.

To seem legitimate, they informed the victim about their past transactions from Coinbase. 

The scam artist deceitfully informed the victim that their wallet was “directly interacting with the blockchain,” leading to unauthorized transactions, which was then supported by an email displaying a recent transaction.

To address this issue, the victim was redirected to a website under the scammer’s control. 

The victim acknowledged that the website seemed unsafe to them, yet they only inputted a portion of their key phrase without completing the transaction. Surprisingly, cybercriminals managed to steal $1.7 million from the victim’s account.

Malicious websites steal data as users input it, warned Alex Miller, CEO of Hiro Systems. A mere fragment of a seed phrase is sufficient for these sites to “guess the remainder” or “crack the whole code.”

Miller mentioned experiencing a deceptive scheme identical to the one involving a false Coinbase representative, who allegedly attempted to gain access to his account by claiming unauthorized activity was detected.

As an analyst, I would rephrase it as follows: In 2022, I discovered that my email, which contained sensitive information from CoinTracker, might have been compromised in a data breach involving their email service provider’s database. To protect others from potential harm, I recommend users of CoinTracker to rotate their API keys regularly. This simple precaution can help prevent unauthorized access and ensure the security of their accounts.

As a researcher studying cybersecurity threats, I’ve encountered an incident where an attack seemed moderately targeted towards me. The attacker created an email address that resembled mine and spoofed a phone number with a slight variation. However, they haven’t attempted to phish me or crack any of my underlying accounts as of now.

TraderPaul04, another Coinbase user, reportedly prevented a similar incident by responding to an automated phone call. The call notified him that someone was attempting to access his account from a new location.

A request came for him to verify his login details. Subsequently, he got a phone call from what claimed to be a Coinbase representative, who introduced himself as an American male. Later on, TraderPaul04 detected a fraudulent password reset link. This was identified as a phishing attempt.

The X user also confirmed that there were no login attempts on his account. 

Scammers have frequently misused the Coinbase name, going beyond simple employee impersonations. For instance, in May 2021, an individual was indicted by the US Department of Justice (DoJ) for orchestrating a fraudulent scheme involving a fake Coinbase professional website, resulting in a stolen crypto hoard worth $37 million.

As a researcher studying the world of cryptocurrencies, I’ve discovered that scammers don’t limit their schemes to just impersonating Coinbase. They also disguise themselves as other crypto exchanges, government agencies, and even famous personalities. Some victims have fallen prey to these deceptions during job interview scams.

Read More

2024-07-08 11:22