Leading cryptocurrency exchange Coinbase faced increased impersonation scams last week, targeting at least four users. Crypto thieves used social engineering and impersonation tactics to deceive victims into revealing sensitive financial information. One victim lost over $1M in cryptocurrency to the scammers.
According to Edge & Node co-founder Tegan Kline’s July 8 X post, a close acquaintance fell victim to the impersonating scam and lost $1.7 million from their self-custody wallet.
Seed Phrase Scam: $1.7 Million Lost to Scammers
The scammer sent emails appearing to verify their identity as a Coinbase representative. They fabricated a story about the victim’s wallet connecting directly to the blockchain, causing unauthorized transactions.
CT, a member of the community urgently needs your help.
$1.7 Million stolen – A good friend’s self custody wallet was drained by a scammer yesterday, July 6th.
TLDR of how it went down below (3 pages)
You can find the Ethereum transactions with links in the comment below.… pic.twitter.com/OTx3wslz6R
— Tegan.eth , (@theklineventure) July 7, 2024
To add credibility, they sent a fake email showing an outgoing transaction. The victim was then directed to a website to enter their seed phrase, which they partially entered, allowing the scammers to gain partial access to the wallet and cause damage.
Alex Miller, CEO of Hiro Systems, explained that such websites “are capturing data as you enter it,” allowing criminals to potentially “brute force the rest” of the seed phrase.
Never enter any information into a site you have a bad feeling on – even if you never hit submit, the bad guys are capturing data as you enter it.
sounds like this user put in part of his seed phrase, which was enough to reduce the entropy and the bad guys brute force the rest. https://t.co/NMpeLcHmdv
— Alex Miller (@alexlmiller) July 8, 2024
Miller himself reported being targeted by a similar scam, suggesting that the attackers may be using information leaked from CoinTracker‘s email service provider database in 2022.
Additionally, other users have reported similar experiences, as evidenced by an X user known as “TraderPaul04,” who described a “pretty sophisticated” attempt in which a scammer posing as a Coinbase representative claimed there was a suspicious login attempt on their account.
The scammer then tried manipulating the user into revealing their account password through a fake password reset link.
Another user, “beanx,” reported a similar call from a fake Coinbase representative alleging an unauthorized login attempt.
This is not the first time malicious entities have targeted Coinbase users to con them into stealing their funds. In October 2023, scammers used the Coinbase domain name for phishing attacks. Users reported receiving texts and emails from scammers with links under the domain Coinbase.com.
Crypto Phishing Theft on the Rise
The spate of crypto scams continues to increase. In the first half of 2024, approximately $1.19 billion was lost to crypto security incidents, with over $900 million stolen through phishing and seed phrase compromise attacks.
According to recent data from blockchain research firm Scam Sniffer, phishing scammers stole about $314 million worth of cryptocurrency in just six months, a 6.44% increase compared to the same period in 2023.
[1/8] ScamSniffer Mid-Year Phishing Report
In H1 2024, 260k victims lost $314M across EVM chains. 20 people lost over $1M each, totaling $58M.Compared to $295M stolen last year, this year hit that in just 6 months! pic.twitter.com/S1X3p3Ujj0
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) July 5, 2024
The 2024 data is remarkably higher than what was reported in the whole of 2023. Recall that crypto phishing scams drained almost $300,000 from 320,000 users in 2023.
Experts advise cryptocurrency users to stay vigilant and follow best security practices. This includes never sharing seed phrases or private keys with anyone, even if they claim to be from a reputable exchange.
Credit: Source link
