- Scammers impersonate Coinbase employees, causing a $1.7M loss.
- Victim tricked by fake “Employee Verification” email.
- Scammers use partial data to brute force seed phrases.
A disturbing new trend of scammers impersonating Coinbase employees has emerged, leading to multiple reports of attempted fraud and a massive loss of $1.7 million from a single victim’s self-custody wallet. This incident was highlighted by Tegan Kline, co-founder of Edge & Node, who detailed the exploit on a social platform.
The victim, who preferred to remain anonymous for security reasons, was initially contacted by someone claiming to be “David Brown,” a representative from Coinbase’s security team. The scammer reached out via a Google Voice call, followed by an official-looking email purportedly for “Employee Verification,” creating an illusion of legitimacy.
The victim was falsely informed about unauthorized transactions supposedly occurring due to their wallet being directly connected to the blockchain. The victim explained,
He then spent time talking to me and telling me information about my previous addresses. I said that those things were true but then I asked him how I would know he is who he says he is. He said he knows these things because he is from Coinbase.
Hiro Systems CEO, Alex Miller, shed light on the mechanics behind such scams, noting that such websites “are capturing data as you enter it” even without submitting it, and the victim’s partial reveal of their seed phrase was likely enough for “the bad guys [to] brute force the rest.” Miller added,
Specifically they were using the coinbase API key connecting to cointracker to verify that they were me (in addition to other info),
A recent victim, identified as “TraderPaul04,” successfully avoided a scam attempt after being alerted about a suspicious login attempt from a different city. The user received an automated call telling him that his Coinbase account was being accessed from a different location.
He was asked to confirm the login.
Following this, he received a call from “an American male” who identified as a Coinbase employee. He then received a fake password reset link, which TraderPaul04 identified as a phishing attempt.
X user “beanx” posted that they also had a similar scam call, with a fake Coinbase rep claiming that someone had attempted to log in to their Coinbase account.
This incident highlights the critical need for enhanced vigilance and security measures within the cryptocurrency community. Users are urged to verify any unsolicited communication and to utilize additional security features such as two-factor authentication and hardware wallets to safeguard their assets.