Update (July 7 at 9:33 PM UTC): This article has been updated to include Coinbase’s response.
Coinbase’s users have been turning to Twitter to report scams and phishing attacks involving the company’s services and applications in recent weeks, including claims that scammers are using the crypto exchange’s domain name.
The most recent case was disclosed on July 7 by a Twitter user identified as Daniel Mason, who allegedly received texts and emails from scammers with links under the domain Coinbase.com.
The fraudster contacted Mason using a real phone number, then triggered an email from a Coinbase.com domain, followed by a phishing text message directing him to a Coinbase subdomain URL, before verifying Mason’s address, social security number and driver’s license number.
I founded an identity / security company.
I’m currently building an auth company.
But my Coinbase account *almost* got phished.
This is the (2nd) most legit fraud attack I’ve ever experienced personally. Wild story below.
— Daniel Mason (SF next week ) (@dgmason) July 7, 2023
As Mason notes, the scammer was well-spoken and a native English speaker. The fraudster reportedly said during a phone call that Mason would receive an email from Coinbase regarding an alleged breach of his account. Immediately, an email arrived from email@example.com. “Did he create a case on my behalf? Or access Coinbase mail servers?” Mason commented on Twitter.
Mason’s experience is one of many on the social media platform reporting security incidents involving the crypto exchange. A brief look at Coinbase’s support page shows users complaining about several types of scams, including phishing on Coinbase Wallet and criminals using the company’s web address.
Cointelegraph spoke with a victim of a similar approach. The individual, who asked to remain anonymous, claims to have called Coinbase’s support line to verify the authenticity of an email about the user’s account being compromised. The employee then confirmed it was real communication, but the email was the work of a hacker.
“An employee of Coinbase authenticated a hacker as a Coinbase employee, who then stole my crypto. They then strung me along before taking no accountability, even though I had a witness, time and date of call, and the employee I spoke to,” said the individual. The case is now under litigation. Among funds frozen and stolen, the victim claims to have lost roughly $50,000 in assets.
The reports follow the same pattern as the attack on Twitter user Jacob Canfield. Canfield reportedly received a text message and phone calls from a fraudster on June 13, citing an alleged change in his two-factor authentication (2FA).
I just got attacked with one of the most complex scams in #crypto that I have seen to date.
Please read if you use @coinbase.
This just happened 15 minutes ago.
THIS IS A WARNING FOR ALL COINBASE USERS!
There has been some sort of a data breach.
First, I… pic.twitter.com/aOVWLpAtY4
— Jacob Canfield (@JacobCanfield) June 13, 2023
“They then sent me to the ‘security’ team to verify my account to avoid a 48 hour suspension. They had my name, my email and my location and sent a ‘verification code’ email from firstname.lastname@example.org to my personal email,” Canfield explained, adding that the criminal “got angry and hung up the phone” when told the code would not be sent.
The email email@example.com is listed on the exchange’s support page as a reliable and official address. The company’s blog also states that its staff will never ask users for passwords or two-step verification codes and won’t request remote access to devices.
In a statement to Cointelegraph, Coinbase said it has “extensive security resources dedicated to educating customers about preventing phishing attacks and scams. We work with international law enforcement to ensure that anyone scamming Coinbase customers is prosecuted to the fullest extent of the law.“
Security specialists recommend strong, unique passwords for crypto accounts and enabling 2FA on applications.