A prominent crypto trader has warned fellow Coinbase users about a sophisticated phishing scam he nearly fell victim to earlier this month.
Jacob Canfield took to Twitter to share details of the ruse, which he described as “one of the most complex scams in crypto that I have seen to date” for the way it used social engineering techniques and even appeared to send an email from a legitimate Coinbase account.
The purpose of the crypto con was simple enough: to gain access to and then drain Canfield's account of its assets. It serves as a stark warning to crypto whales and everyone else, both of how convincing phishing attacks can be and the fact that anyone can find themselves ensnared in one – even if they're not aware they've been involved in a data breach.
How the Coinbase Phishing Scam Worked
In the hope of preventing others from falling victim to the swindle, Canfield shared full details of how the phishing attack worked and was helped along the way by the wider crypto and hacking communities. Here's how it went down, with thanks to Bankless Times for the tip-off.
First, the Coinbase user (Canfield, in this case) received a text message claiming to be Coinbase. It alleged to be notifying him of changes to his account's two-factor authentication (2FA) settings. Shortly thereafter, he received a series of telephone calls purporting to be from Coinbase's support team. These were made all the more convincing by the fact they came from a San Francisco area number, which is where the crypto exchange's HQ is located.
The fraudsters on the other end of the line made every effort to appear genuine, quizzing Canfield on his location and even sending a further text message confirming the changes had been cancelled. At this stage, they redirected him to a so-called “security” team to verify his account, threatening him with a 48-hour account suspension if he didn't comply with their requests.
At this stage, the phishers send Canfield an email appearing to come from the legitimate email@example.com address. It contained a verification code they wanted him to relay back to them, which he refused to do and effectively threw the scammers off their game. The call was terminated abruptly.
Further investigations revealed that the email address was actually coming via Amazon's email provider, but the waters muddy thereafter. Either the email and code were real, in which case the hackers were on live chat or a call with the real Coinbase support. In this scenario, they could have instigated a password reset or accessed his account had he provided the code.
Alternatively, the email was spoofed and the code was fake. What was going to happen next remains a mystery, though presumably the scammers had another nefarious trick up their sleeve. Fortunately, the trader's vigilance paid dividends and he suffered no losses from the attack, but what remains worrying that they had access to large amounts of his personal information, including his phone number and email address.
Data Leak Debate and How to Protect Yourself
The real question for Canfield and his followers on Twitter then became how his personal details were acquired by the scammers in the first place. Initially, some suspected that it might have been linked to a direct Coinbase data breach or one at a related outfit, such as crypto tax preppers CoinTracker.
However, Coinbase flatly denied such allegations and Canfield has since shared new information courtesy of a white hat hacker, who said that his personal data had been involved in over 20 data breaches, of which the 2022 Gemini breach and MGM Resorts one are the most notable. Canfield ultimately hopes that sharing his experience helps keep others on their guard when it comes to phishing scams and urged fellow users to change their passwords as a precautionary measure. As many at 30 people have been hit by this specific scam, he added, some of whom were taken to their cleaner for their digital currency.
What else can you do to protect yourself? The level of social engineering that phishing scams entail mean they're immune to even the best antivirus software, though you can lessen your chances of being caught up in a data breach by using a good password manager that makes it easy to create unique protection for all of your online accounts. Coinbase users specifically can also report phishing attacks related to the platform directly.