The crypto community has raised the alarm about an ongoing phishing scam targeting investors after scammers posing as crypto exchange Coinbase successfully drained nearly $2 million over the weekend. The scam is reportedly related to the CoinTracker security breach from 2022.
$1.7 Million Drained From Ledger Wallet
On Monday, Edge & Node’s CEO, Tegan Kline, reported that a crypto investor had fallen victim to a phishing attack. The scammers impersonated a Coinbase security member to target crypto investors. As a result, a user’s self-custody wallet was drained after revealing half of their seed phrase.
Per the report, a crypto investor was contacted via Google Voice by a scammer pretending to be from the crypto exchange’s security team. The scammer, falsely claiming to be named “David Brown,” contacted the victim to “confirm” suspicious transactions from their account.
The victim received an email from a fake Coinbase address “verifying” that the person on the phone was an official exchange representative. The crypto investor received another email after verification claiming their alleged transaction had been delayed.
The email shows that a transaction for $3,050.87 in Ethereum (ETH) had been delayed for 72 hours for “security reasons.” The scammer continued the call, talking to the victim about their previous addresses, which raised suspicions.
When questioned about their identity and the information he disclosed, the scammer stated that he “knows these things because he is from Coinbase.” The alleged Coinbase representative acknowledged the victim’s concerns but claimed the transaction was still coming through.
The scammer claimed to need the victim’s seed phrase as their Ledger wallet was connecting directly to the blockchain, and he was “trying to disconnect it.” After directing the victim to a website, they argued with the scammer about the safety of this action but eventually entered a portion of their seed phrase.
A few hours later, the investor received CoinTracker alerts. Upon checking their Ledger live, the victim saw that $1.7 million had been drained in Bitcoin (BTC), ETH, GRT, MATIC, and DOT.
CoinTracker Breach Linked To New Phishing Scam?
Many community members speculated about the scam, wondering how the scammer obtained some of the victim’s information. To some, this scheme was conducted by someone who knew the investor and their holdings.
However, Alex Miller, CEO of Hiro, suggested that the scam was linked to the CoinTracker security breach from 2022. The data breach compromised the information of over 1.5 million users who used the cryptocurrency portfolio and tax management platform.
Miller revealed that someone was trying to access his Coinbase account using information obtained during the CoinTracker breach.
The scammers seemingly used Coinbases’ API key, alongside other information, to verify they were the CEO. Nonetheless, the crypto exchange’s security team informed him of the ongoing login attempt.
An X user informed the community that scammers were able to “generate a (legitimate) support ticket + email” that could be used to “reference when calling you posing as Coinbase support.”
Other users shared their scamming attempts from this month. Several investors reported receiving calls from alleged Coinbase representatives to confirm suspicious transactions or login activity.
Ultimately, Miller suggested users “make sure your Coinbase account is locked down” and “cycle your API keys if you have been using cointracker.”
Bitcoinist.comRead More