The cryptocurrency community is sounding the alarm over an ongoing scam targeting investors after scammers impersonating cryptocurrency exchange Coinbase managed to drain nearly $2 million over the weekend. The scam is said to be linked to the 2022 CoinTracker security breach.
$1.7 million withdrawn from Ledger wallet
On Monday, Edge & Node CEO Tegan Kline reported that a crypto investor fell victim to a phishing attack. Scammers impersonated a Coinbase security staff member to target crypto investors. As a result, the user’s self-custody wallet was drained after half of his seed phrase was exposed.
According to the report, a cryptocurrency investor was contacted via Google Voice by a scammer posing as a member of the cryptocurrency exchange’s security team. The scammer, who falsely claimed to be called “David Brown,” called the victim to “confirm” suspicious transactions from his account.
Scammer's "Employee Verification" email. Source: Tegan Kline on X
The victim received an email from a fake Coinbase address “confirming” that the person on the phone was an official representative of the exchange. The crypto investor received another email after verification claiming that his alleged transaction was delayed.
The email shows that a $3,050.87 Ethereum (ETH) transaction was delayed for 72 hours “for security reasons.” The scammer continued the call, telling the victim about their previous addresses, raising suspicions.
When asked about his identity and the information he had revealed, the scammer said he “knew this stuff because he’s from Coinbase.” The alleged Coinbase representative acknowledged the victim’s concerns but claimed the transaction was still ongoing.
The scammer claimed that he needed the victim’s seed phrase because his Ledger wallet was directly connected to the blockchain, and he was “trying to disconnect.” After being directed to a website, the victim argued with the scammer about the safety of this action, but eventually entered part of their seed phrase.
A few hours later, the investor received alerts from CoinTracker. Upon checking Ledger Live, the victim saw that $1.7 million in Bitcoin (BTC), ETH, GRT, MATIC, and DOT had been drained.
Is the CoinTracker breach linked to a new phishing scam?
This scam has many in the community speculating as to how the scammer obtained some of the victim’s private information. Some believe the scheme was carried out by someone who knew the investor and his assets.
However, Alex Miller, CEO of Hiro, suggested the scam was linked to the CoinTracker security breach in 2022. The data breach compromised the information of more than 1.5 million users who used the cryptocurrency wallet and tax management platform.
Miller revealed that someone was trying to access his Coinbase account using information obtained during the CoinTracker breach.
Hiro CEO's comments regarding the $1.7 million phishing scam. Source: Alex Miller on X
The scammers appear to have used the Coinbase API key, along with other information, to verify the CEO’s identity. However, the crypto exchange’s security team notified him of the login attempt in progress.
An X user informed the community that scammers were able to “create a support ticket + (legitimate) email” that they could use “to refer to when contacting you pretending to be from Coinbase support.”
Other users have shared their own scam attempts this month. Several investors reported receiving calls from purported Coinbase representatives to confirm suspicious transactions or login activity.
Finally, Miller suggested that users “make sure their Coinbase account is secure” and “change their API keys if you use cointracker.”
Ethereum (ETH) is trading at $3,054 in the weekly chart. Source: ETHUSDT on TradingView