Tegan Kline, one of the co-founders of Edge & Node, warned users about this new attack. Kline’s “close friend” lost $1.7 million in assets from his own cryptocurrency wallet. The victim was tricked by the scammers into sharing his private key.

The fraudsters contacted the victim over the phone, pretending to be an employee of the cryptocurrency exchange Coinbase. Shortly after, they sent an email that appeared to be from Coinbase’s security team. In the email, the scammers identified themselves as “David Brown” and stated that the recipient spoke with an “official” Coinbase representative. To appear legit, they gave the victim information about his past transactions from Coinbase.

The scammer then claimed that the victim’s wallet was “connected directly to the blockchain,” resulting in unauthorized transactions. This was followed by a follow-up email and an accompanying submission process.

To fix the problem, the victim was redirected to a scammer-controlled website. According to the victim, she knew the website was “not secure” but only entered part of the key phrase and did not send it. Despite this, $1.7 million in assets were stolen from the victim’s wallet.

Alex Miller, CEO of Hiro Systems, said these malicious websites capture the data the user enters, and even part of a password phrase is enough to “crack” the rest.

Miller added that he was also targeted by a similar fake Coinbase employee scam. The scammers claimed that someone was trying to access their account. The administrator speculated that his email may have been exposed in 2022 in a data leak in CoinTracker’s email service provider database. He advised anyone using CoinTracker to “change their API keys” during the attack, which allows scammers to authenticate themselves as victims.

“This appears to be a moderately targeted attack. They created a similar email address and spoofed my phone number, but so far they have not attempted phishing or hacked any of my underlying accounts,” Miller said. he added.

Another X user, “TraderPaul04”, also claimed to have “blocked” a similar attack. The user received an automated call saying their Coinbase account was accessed from a different location. He was asked to confirm the entry. Following this, he received a call from an “American male” who introduced himself as a Coinbase employee. He then received a fake password reset link, which TraderPaul04 identified as a phishing attempt.

User X also confirmed that there were no attempts to log into his account. The Coinbase brand has been used many times by scammers, and it’s not just limited to employee impersonations. In May, the United States Department of Justice (DoJ) charged an individual who stole $37 million worth of cryptocurrency through a fake Coinbase Pro website.

Beyond Coinbase, scammers have impersonated other cryptocurrency exchanges, government agencies, and even celebrities. In some cases, victims were defrauded under the guise of job interviews.