In recent weeks, cryptocurrency users have reported a rise in phishing attacks impersonating major exchanges like Coinbase and Gemini. The scammers aim to deceive users into transferring assets to wallets under the scammers' control.
Anatomy of the Phishing Scam
The deceptive emails are carefully crafted to mirror official communications from Coinbase and Gemini, using authentic logos, language, and formatting to appear legitimate. A key tactic is urging users to move their assets to self-custody wallets by a set deadline. The emails provide instructions for downloading legitimate wallet applications but include pre-generated recovery phrases. If users set up wallets using these phrases, the scammers gain full access to the funds. The emails create additional urgency by falsely referencing legal actions against the exchanges.
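A mail-filter heuristic for the pattern described above, flagging message bodies that carry a ready-made recovery phrase. This is an added example, not code from either exchange; it assumes BIP-39-style phrases (12 to 24 words of 3 to 8 lowercase letters), and the function names and sample messages are constructed for illustration.

```python
import re

# Assumption: wallets use BIP-39-style mnemonics (12/15/18/21/24 words, each
# 3-8 lowercase letters in the English list). Without the word list this is a
# shape heuristic, not validation of a real mnemonic.
PHRASE_LENGTHS = {12, 15, 18, 21, 24}
WORD = re.compile(r"[a-z]{3,8}")
LIST_NUMBER = re.compile(r"(?<!\S)\d{1,2}[.):]\s*")  # "1." / "2)" list markers
PHRASE_TERMS = re.compile(r"\b(recovery|seed|secret)\s+phrase\b", re.I)

def find_phrase_candidates(body):
    """Return runs of mnemonic-shaped words whose length is a valid phrase length."""
    tokens = LIST_NUMBER.sub(" ", body).split()
    runs, current = [], []
    for tok in tokens + [""]:  # empty sentinel flushes the final run
        if WORD.fullmatch(tok):
            current.append(tok)
            continue
        if len(current) in PHRASE_LENGTHS:
            runs.append(current)
        current = []
    return runs

def classify(body):
    """Quarantine on an embedded phrase; a mere mention of one is only context."""
    phrases = find_phrase_candidates(body)
    return {
        "phrases_found": len(phrases),
        "mentions_phrase": bool(PHRASE_TERMS.search(body)),
        "verdict": "quarantine" if phrases else "deliver",
    }

# Constructed sample messages (not taken from real campaigns).
LURE = """Subject: Action required: move your assets to self-custody by the deadline

Download the wallet app and set it up with the recovery phrase below:

1. garden 2. window 3. pencil 4. orange
5. rocket 6. candle 7. silver 8. planet
9. butter 10. yellow 11. monkey 12. bridge

Complete the transfer before the deadline to keep access to your funds.
"""
BENIGN = ("Reminder: Coinbase will never send you a recovery phrase. "
          "Turn on two-factor authentication and add a hardware security key.")

if __name__ == "__main__":
    for name, body in (("lure", LURE), ("benign", BENIGN)):
        print(name, classify(body))
```

The heuristic only catches a phrase that stands apart from surrounding prose; a phrase embedded mid-sentence produces a longer run and is missed, so it complements user awareness rather than replacing it.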
Community Alerts and Responses
The crypto community is actively raising awareness of these scams. Users share their experiences on social media to warn others. For instance, a Reddit user highlighted receiving phishing emails disguised as verified Coinbase messages. Similarly, users on X (formerly Twitter) reported receiving multiple phishing emails targeting Coinbase and Gemini customers.
Official Exchange Responses
Coinbase and Gemini have acknowledged the phishing campaigns and are actively working to protect their users. Coinbase reiterated that it will never send recovery phrases and advised against using recovery phrases supplied by a third party. Gemini has responded to these threats by recommending two-factor authentication and hardware security keys to strengthen account protection.
To safeguard against phishing attacks, users should be cautious of unsolicited emails, avoid using recovery phrases provided by anyone else, and access exchange websites directly.