The crypto community has sounded the alarm about an ongoing phishing scam targeting investors after scammers posing as cryptocurrency exchange Coinbase managed to siphon off nearly $2 million over the weekend. The scam is believed to be linked to the 2022 CoinTracker security breach.
$1.7 million withdrawn from Ledger wallet
On Monday, Edge & Node CEO Tegan Kline reported that a cryptocurrency investor had been the victim of a phishing attack. The scammers impersonated Coinbase security to target cryptocurrency investors. As a result, one user’s self-custody wallet was drained after they revealed half of their seed phrase.
According to the report, a cryptocurrency investor was contacted via Google Voice by a scammer posing as a member of the cryptocurrency exchange’s security team. The scammer, using the name “David Brown,” contacted the victim to “confirm” suspicious transactions on his account.
Scammer's "Employee Verification" email. Source: Tegan Kline on X
The victim received an email from a fake Coinbase address “verifying” that the person on the phone was an official exchange representative. After this verification, the cryptocurrency investor received another email claiming that his alleged transaction had been delayed.
The email states that a transaction of $3,050.87 in Ethereum (ETH) was delayed for 72 hours due to “security reasons.” The scammer continued the call, telling the victim about their previous addresses, which raised suspicions.
When asked about his identity and the information he disclosed, the scammer said he “knew these things because he worked for Coinbase.” The alleged Coinbase representative acknowledged the victim’s concerns but claimed the transaction was still in progress.
The scammer claimed to need the victim’s seed phrase because their Ledger wallet connected directly to the blockchain, and he was “trying to disconnect it.” After the scammer directed the victim to a website, the victim discussed the security of doing so with the scammer, but ultimately entered part of their seed phrase.
A few hours later, the investor received CoinTracker alerts. On checking Ledger Live, the victim noticed that $1.7 million had been drained in Bitcoin (BTC), ETH, GRT, MATIC and DOT.
Is CoinTracker Breach Linked to New Phishing Scam?
Many community members speculated about the scam, wondering how the scammer obtained certain information about the victim. Some believe that the scam was carried out by someone who knew the investor and their assets.
However, Alex Miller, CEO of Hiro, suggested that the scam was linked to the 2022 CoinTracker security breach. The data breach compromised the information of more than 1.5 million users who used the cryptocurrency portfolio management and tax platform.
Miller revealed that someone was trying to access his Coinbase account using information obtained in the CoinTracker breach.
Hiro's CEO comments regarding the $1.7 million phishing scam. Source: Alex Miller on X
The scammers apparently used a Coinbase API key, along with other information, to try to verify that they were indeed the CEO. However, the cryptocurrency exchange’s security team notified him of the ongoing login attempt.
An X user informed the community that scammers were able to “generate a (legitimate) support ticket + email” that could be used as a “reference when calling pretending to be Coinbase support.”
Other users shared their scam attempts this month. Several investors reported receiving calls from supposed Coinbase representatives to confirm suspicious transactions or login activity.
Ultimately, Miller suggested users “make sure your Coinbase account is locked” and “recycle your API keys if you used Cointracker.”
Ethereum (ETH) is trading at $3,054 in the weekly chart. Source: ETHUSDT on TradingView