Twitter users have been sharing incidents of security breaches and phishing attacks related to Coinbase, a popular cryptocurrency exchange. Reports suggest that scammers are exploiting Coinbase’s domain name in these attacks. One recent case involved a Twitter user named Daniel Mason, who received texts and emails from scammers using the domain Coinbase.com. The fraudster, who spoke fluent English, contacted Mason through a real phone number and initiated an email from a Coinbase.com domain. Subsequently, Mason was directed to a Coinbase subdomain URL where his personal information, including address, social security number, and driver’s license number, was requested.
Mason’s experience is not an isolated incident. Numerous users on social media platforms have reported similar security incidents involving Coinbase. Complaints include various types of scams, such as phishing attempts on Coinbase Wallet and criminals using the company’s web address. Cointelegraph interviewed another victim who called Coinbase’s support line to verify an email about an account compromise. Although the employee confirmed the communication’s authenticity, it turned out to be the work of a hacker. The victim claims to have lost approximately $50,000 in assets due to this incident, and the case is now in litigation.
These reports align with an attack on Jacob Canfield, another Twitter user, who received text messages and phone calls from a fraudster claiming a change in his two-factor authentication (2FA). The criminal attempted to verify Canfield’s account by sending a “verification code” email from help@coinbase.com, an address listed as reliable and official on Coinbase’s support page. However, when Canfield refused to provide the code, the criminal grew agitated and ended the call.
Coinbase emphasizes on its blog and support page that its staff will never ask users for passwords, two-step verification codes, or request remote access to devices. Security experts recommend using strong, unique passwords for cryptocurrency accounts and enabling two-factor authentication on applications.
Cointelegraph reached out to Coinbase for comment but did not receive an immediate response.
These incidents serve as a warning to Coinbase users and highlight the need for heightened cybersecurity measures in the cryptocurrency space.
It is important for users to be vigilant, verify communications, and report any suspicious activities to prevent falling victim to scams and fraud.