Cyber Crime
Coinbase Users Targeted in Sophisticated Phishing Scam Posing as Wallet Migration
A large-scale phishing attack is targeting Coinbase users, tricking them into setting up a new wallet using a pre-generated recovery phrase controlled by attackers. The scam, disguised as a mandatory wallet migration, falsely claims Coinbase is shifting to self-custodial wallets following a court order.
How the Phishing Scam Works
The phishing emails, titled “Migrate to Coinbase Wallet,” instruct recipients to transition their funds into a Coinbase Wallet using a provided recovery phrase. The email states: “As of March 14th, Coinbase is transitioning to self-custodial wallets. Following a class action lawsuit, users must manage their own wallets. Your unique recovery phrase below is your Coinbase Identity—import it into Coinbase Wallet to access your funds.”
Unlike traditional phishing scams, this email contains no fake links. Instead, it directs users to Coinbase’s legitimate wallet page. However, the scam relies on the fact that anyone who uses the provided recovery phrase will inadvertently give attackers control over their funds. Once victims deposit cryptocurrency into the new wallet, attackers can transfer the assets elsewhere.
Now Open: Pan-India Registration for Scam Reporters & Fraud Investigators!
Phishing Email Bypasses Security Checks
The email appears to originate from noreply@akamai.com and is sent from a SendGrid IP address (167.89.33.244), resolving to o1.soha.akamai.com. Because the message was seemingly sent directly through SendGrid, it successfully passed SPF, DMARC, and DKIM security checks, allowing it to bypass spam filters.
Akamai Investigating the Incident
BleepingComputer contacted Akamai, which acknowledged the issue and stated: “We take security seriously and are actively investigating. Phishing scams remain a prevalent cyber threat, and we urge users to exercise caution with unsolicited emails requesting personal information.”
Coinbase’s Response and User Advisory
Coinbase has confirmed awareness of the scam, emphasizing that it never sends recovery phrases to users. In a warning post on X, the company advised: “We will never send you a recovery phrase. Never use a recovery phrase provided to you by someone else.” For those who may have fallen victim to this scam, Coinbase urges immediate action—if funds are still in the compromised wallet, users should transfer them out as quickly as possible before attackers do.
Key Takeaway: Stay Alert
While users are often warned to never share their recovery phrases, this scam highlights a new tactic—never use a recovery phrase given to you via email or a website. These are likely pre-set traps designed to steal your cryptocurrency.