Key Points
- Scammers posed as Coinbase employees, stealing $1.7 million.
- They used fake calls and emails to obtain private keys.
- Victims were directed to malicious websites.
- Similar scams have targeted other crypto platforms.
The recent scam involved some criminals pretending to be Coinbase workers who conned users out of millions of dollars worth of digital currencies.
One friend of mine lost $1.7m through such a swindle, Tegan Kline, co-founder of Edge & Node declared. The scammers tricked the victims into giving up their passwords.
Scammers drain $1.7m claiming to be Coinbase employees A new scam saw bad actors impersonate Coinbase employees to dupe users out of millions of dollars worth of cryptocurrency assets https://t.co/gVuE3pvcQj pic.twitter.com/7QkmSH3p2n
— Mehmet Yillari (@MYillari) July 8, 2024
How the Scam Unfolded
The scammers contacted the victim via phone, pretending to be employees of the well-known crypto exchange Coinbase. They sent a follow-up email that appeared like it came from Coinbase’s security team on Wednesday evening.
The email in question was signed by one “David Brown” and he assured its recipient that they were indeed communicating with an authorized representative from Coinbase.
The scammers went to great lengths to seem legitimate, even referencing the victim’s past transactions on Coinbase, saying that the wallet was connecting directly with the blockchain hence unauthorized transactions occurring. A subsequent email depicted an outward transfer from the sufferer’s pocket reinforcing this claim.
To deal with it, the victim was redirected here onto a corrupt site run by fraudsters themselves. Despite knowing it was not safe, this person entered part of a key phrase without completing or submitting it fully. Tragically, this partial information alone sufficed for the cons to extract 17 million dollars from his pocketbook.
Hiro Systems CEO Alex Miller said these sites capture information as people enter it; sometimes typed in the wrong order. A single word is enough for them to use brute force attacks against these seed phrases.
Miller informed me last week that he also suffered a similar incident whereby con artists posed as employees from Coinbase and claimed that someone was trying to access his account.
The Broader Impact and Precautions
This incident is part of a larger trend of scams leveraging the Coinbase brand name. In May, the U.S. Department of Justice filed charges against an individual who stole $37 million through a false Coinbase Pro website.
Apart from Coinbase, scammers have also impersonated other crypto exchanges, government agencies as well as well-known celebrities using advanced techniques to dupe their victims.
Crypto users must remain vigilant and skeptical of unsolicited communications, especially those requesting sensitive information. It is crucial to verify the legitimacy of any contact by using official channels and never share private keys or seed phrases.