Crypto scam, steal $1.7 million by posing as Coinbase employees

A sophisticated cyber attack saw fraudsters posing as Coinbase employees manage to steal $1.7 million in cryptocurrency from a self-storage wallet. The victim, a close friend of Edge & Node co-founder Tegan Kline, was tricked into sharing his private key. The attack started with a phone call in which the scammers introduced themselves as Coinbase employees. They then sent an email apparently from Coinbase’s security team, signed “David Brown,” and claimed that the victim was “speaking with an official representative” of Coinbase. The email contained details of the victim’s past transactions to appear more credible.

Sophisticated techniques

To make the scam more convincing, the scammer claimed that the victim’s wallet was ‘directly connected to the blockchain,’ causing unauthorised transactions. Later, they sent another email showing an outgoing transaction. The victim was then redirected to a fake website under the scammers’ control. Although the victim knew that the site was not secure, he entered part of his own keyphrase without completing the submission. However, this was enough for the scammers to steal USD 1.7 million from the victim’s wallet. Alex Miller, CEO of Hiro Systems, explained that malicious websites can capture data as it is entered and that even a partial key phrase can be forced to gain access to the entire wallet.

Rise of cryptocurrency scams

This episode is part of an increasing frequency of cryptocurrency scams. In the first half of 2024, scammers stole nearly $60 million from 20 victims. Miller was also the target of a similar sc am in which the fraudsters posed as Coinbase employees and claimed that someone was trying to access his account. The scammers, exploiting a 2022 data leak from CoinTracker’s email service provider database, created similar email addresses and phone numbers. Miller advised users to “change [their]API keys,” which fraudsters use to occur as victims during an attack.

Foiled attempts and more victims

Another X user, known as ‘TraderPaul04,’ managed to foil a similar attack. He received an automated call informing him that his Coinbase account had been accessed from a different location. Subsequently, he received a call from an ‘American man’ posing as a Coinbase employee and a fake link to reset his password, which he identified as a phishing attempt. The user confirmed that there were no attempts to access his account.

Previous scams involving Coinbase

The Coinbase brand has been used in many scams, not limited to impersonating employees. In May, the US Department of Justice (DoJ) charged an individual with stealing $37 million in cryptocurrency through a fake Coinbase pro website. In addition to Coinbase, fraudsters have impersonated other cryptocurrency exchange platforms, government agencies, and celebrities, sometimes deceiving victims during job interviews.

Advice and preventive measures

To protect against such scams, it is crucial that users are vigilant about unsolicited communications claiming to be from legitimate entities. Never share private keys or key phrases and always verify the authenticity of emails and websites before entering any sensitive information.