An increasing number of crypto users are reporting scam emails that impersonate major exchanges like Coinbase and Gemini. These phishing attempts are crafted to appear as official communications, with scammers urging recipients to create new wallets using pre-generated recovery phrases—phrases that the scammers already control.
Users on X (formerly Twitter) have shared examples of these fake emails. One fraudulent message, pretending to be from Coinbase, instructs users to transition to self-custody wallets by downloading the official Coinbase Wallet app. It falsely claims there’s an April 1 deadline to complete this migration.
But here’s the scam: the email includes recovery phrases that are compromised from the start. Anyone who sets up a wallet using them and transfers their crypto ends up handing full access to their funds to scammers, who can then steal the assets.
The phishing email also references a fake class-action lawsuit, falsely alleging that Coinbase has been found guilty of selling unregistered securities. It claims that due to a court ruling, users must transfer their assets to Coinbase Wallets, as Coinbase supposedly becomes a registered broker.
In reality, the U.S. Securities and Exchange Commission (SEC) dismissed its case against Coinbase on February 27. The case had accused Coinbase of operating as an unregistered broker and selling unregistered securities, but no such ruling exists requiring asset transfers.
Coinbase acknowledged the scam in a March 14 post on X, emphasizing that it never sends users recovery phrases and warning people not to trust any recovery phrase provided by others.
Gemini has been the target of similar impersonation scams. The fraudulent emails use the same deceptive narrative—claiming a court ruling requires users to set up new wallets using pre-made recovery phrases.
Gemini was previously under SEC investigation for its Earn program, which was accused of offering unregistered securities. However, that case was dropped on February 26.
Blockchain security firm CertiK flagged phishing scams like these as one of the biggest threats to Web3 security in 2024. Its annual report revealed phishing attacks cost users $1 billion across 296 incidents in the past year.
These scams come as reports surface of at least three crypto founders narrowly avoiding hacking attempts by suspected North Korean actors. The attackers, posing as business partners, arranged Zoom meetings, then claimed technical issues and shared malicious links to alternative video calls in an attempt to install malware and steal sensitive information.
