A well-known crypto trader recently experienced a sophisticated phishing scam targeting his Coinbase account, which he described as one of the most complex scams he has encountered in the crypto world.

Jacob Canfield took to Twitter to warn Coinbase users about the incident, highlighting the tactics used by the scammers and urging others to be cautious.

The Intricate Phishing Scam

Canfield initially received a text message notifying him of a change in his Coinbase two-factor authentication (2FA).

Subsequently, he received multiple phone calls from a fake Coinbase customer support line, which appeared to originate from a San Francisco number.

The scammers questioned Canfield about his whereabouts and whether he had requested any account changes.

To gain his trust, they even sent a text message confirming the cancellation of the change requests, but redirected him to a fraudulent Coinbase ‘security’ team to verify his account and avoid a 48-hour suspension.

Deception and Manipulation

The scammers possessed Canfield’s name, email, and location details, and went as far as sending him a verification code email from help@coinbase.com to his personal email. Although they requested the verification code, Canfield wisely refused to provide it.

The scammers became agitated and abruptly ended the call. Unbeknownst to Canfield, the code they had sent was his actual 2FA code, and they were attempting to log into his account and drain his funds while they were on the call.

Notably, the scammers’ emails resembled legitimate Coinbase communications but were sent using Amazon’s email provider.

The Aftermath and Speculation

The incident raised concerns within the crypto community, particularly regarding how the scammers managed to trigger Coinbase to send a genuine 2FA verification code email. Some users suggested a potential data breach as a possible explanation.

However, Coinbase denied any data breach and indicated that a third party might be involved. CoinTracker, which has a tax prep partnership with Coinbase, was mentioned as a potential source of the leak. CoinTracker denied any involvement, while acknowledging a separate data breach in December that may have included Canfield’s email.

Remaining Vigilant Against Phishing Attempts

Although Canfield promptly identified the scam, he expressed concern that others may fall victim to this highly sophisticated phishing attempt.

It is worth noting that the scammers failed to obtain Canfield’s actual 2FA code because he did not use SMS or email authentication. However, the crypto trader suspects a possible data breach originating from a third party or the dark web.
