Update (July 7 at 9:33 PM UTC): This article has been updated to include Coinbase’s response.
Coinbase users have taken to Twitter to report scams and phishing attacks involving the company’s services and applications in recent weeks, including claims that scammers are using the domain name of the crypto exchange.
The most recent case is exposed on July 7 by a Twitter user identified as Daniel Mason, who allegedly received texts and emails from scammers with links under the Coinbase.com domain.
The fraudster contacted Mason using a real phone number, then triggered an email from a Coinbase.com domain, followed by a phishing text message directing him to a subdomain URL on Coinbase, before Mason’s address, social security number and driver’s license number were verified.
I’m building an identity/security company.
I am currently building an auth company.
But my Coinbase account was *almost* phished.This is the (2nd) most legitimate fraud attack I have personally experienced. Wild story below.
— Daniel Mason (SF next week ) (@dgmason) July 7, 2023
As Mason said, the scammer is well spoken and a native English speaker. The fraudster reportedly said during a phone call that Mason would receive an email from Coinbase about the alleged breach of his account. Just then, an email arrived from help@coinbase.com. “Is he making a case for me? Or accessing Coinbase mail servers?” Mason commented on Twitter.
Mason’s experience is one of many on the social media platform that has reported security incidents involving crypto exchanges. A quick look at Coinbase’s support page shows users complaining about several types of scams, including Coinbase Wallet phishing and criminals using the company’s web address.
Cointelegraph spoke to a victim of a similar approach. The individual, who asked to remain anonymous, claimed to have called Coinbase’s support line to verify the authenticity of an email about the compromised user account. The employee then confirmed that it was a genuine communication, but that the email was the work of a hacker.
“A Coinbase employee identified a hacker as a Coinbase employee, who then stole my crypto. They then hugged me before accepting responsibility, even though I had a witness, the time and date of the call, and the employee I talked to,” said the individual. The case is now in litigation. claims to have lost nearly $50,000 in assets.
The reports follow the same pattern as ATTACKS by Twitter user Jacob Canfield. Canfield reportedly received a text message and phone call from an impostor on June 13, mentioning an alleged change to his two-factor authentication (2FA).
Holy shit.
I was recently attacked by one of the most complex scams #crypto that I have seen so far.
Please read if you use @coinbase.
This happened 15 minutes ago.
THIS IS A WARNING TO ALL COINBASE USERS!
There is some kind of data breach.
First, I… pic.twitter.com/aOVWLpAtY4
– Jacob Canfield (@JacobCanfield) June 13, 2023
“They sent me to the ‘security’ team to verify my account to avoid a 48 hour suspension. They had my name, my email and my location and sent a ‘verification code’ email from help@coinbase .com to my personal email,” Canfield explained, adding that the criminal “got angry and hung up” when told the code would not be sent.
The email help@coinbase.com is listed on the exchange’s support page as a reliable and official address. The company’s blog also says its staff will never ask users for passwords or two-step verification codes and will never request remote access to devices.
In a statement to Cointelegraph, Coinbase said it has “many security resources dedicated to educating customers about preventing phishing attacks and scams. We are working with international law enforcement to ensure that anyone defrauding Coinbase customers is prosecuted to the fullest extent of the law.
Security specialists recommend strong, unique passwords for crypto accounts and enabling 2FA in applications.
Magazine: $3.4B in Bitcoin in a popcorn tin — The story of the Silk Road hacker