A new scam saw bad actors impersonate Coinbase employees to dupe users out of millions of dollars worth of cryptocurrency assets.
Tegan Kline, the co-founder of Edge & Node, has warned of this new attack where his “good friend” lost $1.7 million from their self-custody wallet. The victim was tricked into sharing their private key.
The scammers contacted the victim via a call, masquerading as an employee of the crypto exchange Coinbase.
Soon after, they sent an email that seemed to originate from Coinbase’s security team. In the email, the scammers identified themselves as “David Brown,” adding that the recipient was “speaking to an official” Coinbase representative.
To seem legitimate, they informed the victim about their past transactions from Coinbase.
The scammer then claimed the victim’s wallet was “connecting directly with the blockchain,” resulting in unauthorized transactions. This was followed by a subsequent email showing an outgoing transaction.
To address this issue, the victim was redirected to a website under the scammer’s control.
According to the victim, they knew the website was “not safe” but entered just a part of their key phrase but did not submit it. Despite this, $1.7 million was siphoned off the victim’s wallet.
These malicious websites capture data as a user enters it, said Hiro Systems CEO Alex Miller, adding that even a part of a seed phrase is enough for them to “brute force the rest.”
Miller added he was targeted in a similar fake Coinbase employee scam. The scammers claimed that someone was trying to access his account.
The executive estimated that his email may have leaked in a 2022 data breach from CoinTracker’s email service provider database. He advised anyone using CoinTracker to “cycle [their] API keys,” which scammers leverage to verify as the victim during an attack.
“This feels like a moderately-targeted attack. They created a look-alike email address and spoofed a phone number similar to mine but so far haven’t appeared to try and phish me or crack any of my underlying accounts,” Miller added.
Another X user, “TraderPaul04” also claimed to have ‘thwarted’ a similar attack. The user received an automated call telling him that his Coinbase account was being accessed from a different location.
He was asked to confirm the login. Following this, he received a call from “an American male” who identified himself as a Coinbase employee. He then received a fake password reset link, which TraderPaul04 identified as a phishing attempt.
The X user also confirmed that there were no login attempts on his account.
The Coinbase brand name has been leveraged on several occasions by scammers, and it’s not just limited to employee impersonation. In May, the United States Department of Justice (DoJ) charged an individual for stealing $37 million in crypto via a fake Coinbase pro website.
Beyond Coinbase, scammers have impersonated other crypto exchanges, government agencies, and even celebrities. In some cases, victims have been duped in the name of job interviews.