Scammers Impersonating Coinbase Stole Millions of Dollars
A few days ago, several Coinbase users and one crypto investor ~reported~ that they had become victims of fraudsters posing as exchange employees. One of them claims that he was swindled out of $1.7 million after being manipulated into revealing part of his seed phrase.
The victim said that the scammer called, claiming to be from Coinbase security, and emailed him purporting to be from the company, confirming that he was “speaking to a Coinbase official”. He then claimed that the victim’s wallet was “connected directly to the blockchain”, which would lead to a withdrawal of funds from the wallet. Afterward, the fraudster sent another email purporting to be from Coinbase, showing the outgoing transaction.
He redirected the victim to a website where they had to enter a passphrase to stop the transactions. The user knew it was “unsafe” but entered “part” of the phrase anyway, although he did not submit it. A few hours later, $1.7 million was taken from their wallet.
Alex Miller, CEO of Hiro Systems, wrote that such websites “are capturing data as you enter it.” without even sending it, and if the victim partially revealed their initial phrase, it was enough for “the bad guys to brute force the rest.”
According to Miller, he was also recently contacted by a fraudster claiming to be from Coinbase who used a similar scheme. He believes that his data may have been leaked in 2022 from the email service provider CoinTracker’s database.
“Specifically, they were using the Coinbase API key connecting to CoinTracker to verify that they were me (in addition to other info). At the very least, cycle your API keys if you have been using CoinTracker,” Miller ~advised~.
Source - https://coinstats.app/news/bc6618a685aa4f395d8c19c25ea373a0511461c54f0d986bc24832a06d031e9b_Crypto-News%3A-Aptos-Keyless-Wallet%2C-SingularityNET-and-Filecoin-Partnership%2C-Unauthorised-Transactions-on-Binance/
