What Happened?
Many users of cryptocurrency exchanges have recently shared in online communities that they have received scam emails allegedly from the official Coinbase and Gemini exchanges.
The content of these emails mainly asks users to transfer assets to a “self-custody wallet” and provides users with recovery phrases to set up a wallet. If users follow the steps outlined in the email, their assets will be controlled by the scammers.
According to a report by blockchain security firm CertiK, phishing attacks related to cryptocurrencies have caused severe losses for users, and even founders of companies have fallen victim to these cunning scams.
Users Frequently Receive Scam Emails Impersonating Exchanges
Recently, many cryptocurrency traders have shared that they received scam emails impersonating exchanges such as Coinbase and Gemini. The emails urge users to transfer their assets to a “self-custody wallet” and use preset “recovery phrases” to create the wallet. However, this is part of a well-planned scam.
In one user’s case, the email claimed that Coinbase was facing a class-action lawsuit for selling unregistered securities, and the court ordered users to manage their own wallets. However, the U.S. Securities and Exchange Commission (SEC) had already dropped similar charges against Coinbase on February 27, 2025.
The email also included a tutorial on how to download the official Coinbase Wallet, along with a pre-generated recovery phrase. Once users set up the wallet and transferred funds using these recovery phrases, the scammers were able to control the wallet and quickly steal all the assets.
According to reports, Coinbase has responded to the situation, emphasizing that the company will never proactively provide recovery phrases and warning users to “never enter a recovery phrase provided by others.”
Is anyone else getting the fake@coinbaseemails and texts? They’re getting increasingly sophisticated.
One is a fake verification text to get you to call a fake support number and the other is an email getting you to set up a real wallet they can drain.
Stay safe out there.
Steve (@SteveKBark) March 14, 2025
How to Defend Against Cryptocurrency Phishing Scams?
This type of scam is very common in the cryptocurrency world and is becoming more serious. According to a report from blockchain security company CertiK, phishing attacks related to cryptocurrencies caused user losses of $1 billion in 2024, and the total number of scams reached 296.
Phishing attacks are a common type of online scam where the scammers impersonate legitimate organizations, companies, or individuals to trick victims into revealing sensitive information, such as account passwords or credit card numbers. They may also encourage victims to download malicious software or click on harmful links, ultimately stealing funds or gaining unauthorized access to systems.
Additionally, CertiK’s report points out that at least three cryptocurrency company founders were targeted by suspected North Korean hackers. These hackers pretend to invite the founders for meetings to discuss cooperation opportunities. Once the meeting begins, the hackers claim there is an audio issue and provide a new meeting link. When the victim clicks the link, malicious software is unknowingly installed on their computer, allowing the hackers to steal data or control the device.
With scams continuously emerging in the cryptocurrency world, avoiding them completely can be difficult. The best preventive measure is to stay cautious. If you notice that the sender’s email address is suspicious and does not come from an official domain, avoid clicking any links. Furthermore, recovery phrases should always be generated by the user and never shared with anyone.
If you are a frequent trader, it is also advisable to enable “two-factor authentication” (2FA). Even if your account password is stolen, you will have an additional layer of security.
Source: Cointelegraph, AIinvest