Coinbase Phishing Scam: How a Crypto Investor Lost $1.7 Million

Crypto investors are on high alert after a recent phishing scam impersonating Coinbase drained nearly $2 million from a user’s wallet. This scam appears to be connected to a 2022 data breach of the CoinTracker platform.

The Scam

A crypto investor received a call from someone claiming to be a Coinbase security representative named “David Brown.” The scammer claimed to be investigating suspicious transactions from the investor’s account and requested confirmation of their identity.

The investor received a fake email from a Coinbase address, seemingly verifying the caller’s identity. The scammer then claimed a transaction was delayed for “security reasons” and requested the investor’s seed phrase to “disconnect” their Ledger wallet from the blockchain.

The investor, despite some doubts, eventually provided a portion of their seed phrase. Within hours, their wallet was drained of $1.7 million worth of Bitcoin, Ethereum, and other cryptocurrencies.

The Connection to CoinTracker

Many believe this scam is linked to the 2022 CoinTracker data breach, which compromised the information of over 1.5 million users.

The CEO of Hiro, Alex Miller, reported that someone attempted to access his Coinbase account using information obtained during the CoinTracker breach. The scammers used Miller’s API key and other details to try and verify their identity.

It appears the scammers were able to generate legitimate-looking support tickets and emails to further convince victims they were dealing with real Coinbase representatives.

Protecting Yourself

To protect yourself from this type of scam, experts recommend:

Lock down your Coinbase account: Enable two-factor authentication and review your security settings.
Cycle your API keys: If you’ve used CoinTracker, change your API keys to prevent scammers from accessing your accounts.
Be cautious of unsolicited calls and emails: Never share your seed phrase or other sensitive information with anyone, even if they claim to be from a reputable company.
Verify information independently: If you receive a suspicious call or email, contact Coinbase directly through their official website or app to confirm the legitimacy of the communication.