How Coinbase Users Fall Victim to Phishing Attacks

Criminals and fraudsters who prey on the assets of crypto investors and traders are coming up with increasingly sophisticated and cunning schemes and strategies. Some of these we have described in previous articles. If earlier fraudsters imitated official accounts in messengers or social networks, now they've begun utilizing official crypto exchange domains and email accounts, posing as employees of trading platforms.  

Email attacks from the Coinbase domain

Daniel Mason chronicled one such incident, where he started receiving deceitful emails from July 7 onwards. He mentioned that these letters were sourced from an official server associated with the Coinbase.com domain.

A fraudster called Mason from a local number, then dispatched an email from the coinbase.com domain. Consequently, Daniel was hit with a phishing message containing a link leading to an address within the Coinbase subdomain. Upon visiting this page, Mason was confronted with a form soliciting personal data like mailing address, social security number, and driver's license information, along with authorization details.

During the phone conversation, the perpetrator claimed that Mason's account had been potentially breached, necessitating a routine verification procedure initiated via an email sent to the user's address. He was informed that an email from Coinbase would follow shortly, and almost instantly, a message from [email protected] arrived.

Did he create a case on my behalf? Or access Coinbase mail servers?

Mason pondered, expressing his surprise or shock on Twitter.

A tweet from a user marveling at the scammer's thorough preparation. Source: Twitter

In the aftermath of a phishing attack, a Coinbase customer lost $50,000 and is now suing the exchange

Mason's experience is not a one-off. A brief scan of the Coinbase support page reveals a host of user complaints about various scams. Another client affirmed that after losing assets due to a phishing attack, he contacted the Coinbase support line to validate the authenticity of the email and the individual claiming to be an exchange representative. A support staff member confirmed the call took place from an exchange-affiliated number but the email was a hacker's handiwork.

“An employee of Coinbase authenticated a hacker as a Coinbase employee, who then stole my crypto. They then strung me along before taking no accountability, even though I had a witness, time and date of call, and the employee I spoke to,” reported the customer. The matter is now under legal examination. The victim maintains that the cumulative sum of all lost assets is nearly $50,000.

Another phishing scheme involving two-factor authentication

Jacob Canfield has brought to light a new phishing strategy. On June 13, he was subjected to a text message and several phone calls from an imposter, who claimed that alterations in the two-factor authentication (2FA) settings required him to undertake an extra layer of identification.

“They then sent me to the ‘security' team to verify my account to avoid a 48 hour suspension. They had my name, my email and my location and sent a ‘verification code' email from [email protected] to my personal email,” wrote Canfield on Twitter. He further added that the fraudster became irate and abruptly hung up after being denied the request to input the code to proceed with the procedure.

A tweet exposing a scam attempt via the Coinbase.com domain. Source: Twitter

The intriguing aspect is that the email address, [email protected], is indeed recognized as official on the exchange's customer support page. Furthermore, Coinbase has, on multiple occasions, advised its users via various channels that Coinbase employees never request any passwords or 2FA codes under any circumstances, nor do they demand remote access to the clients' devices. Despite these measures, an incident of this sort has occurred.

Coinbase's reaction

Despite the flurry of queries from users and journalists, Coinbase maintains its standard response, emphasizing that the company has dedicated significant resources to elevate its security measures and enlighten users on the ways to combat phishing scams. The exchange announces its cooperation with global law enforcement agencies, assuring that any scam targeting Coinbase's clients will be sternly penalized and pursued in accordance with the law.

As is often the case, if you need a helping hand, you will find one at the end of your arm. 

Our advice

We recommend you to create secure, unique, and long passwords for every individual account and update them regularly – ideally every quarter. For ease of recollection, store them in secure programs like a password manager, or even a regular text file (*.txt), encrypted with a complex password. Moreover, it is crucial to employ two-factor authentication (like Google Authenticator or its alternatives) not only for your exchange accounts but also for email accounts linked to them.

Additionally, we urge you not to click on links from emails unless you have specifically requested customer support due to an existing issue. Any unsolicited “initiatives” from exchanges or trading platforms might be a fraudster's attempt to access your digital wallets with the intent of asset theft.