Don’t Take the Bait: Coinbase & Gemini Exchange Users Targeted by Phishing Attack

TLDR

• Coinbase users targeted by mass phishing emails claiming mandatory wallet transfers by April 1
• Scammers provide pre-generated recovery phrases that give them control of any transferred funds
• Emails falsely cite a dismissed SEC lawsuit as reason for required wallet changes
• Both Coinbase and Gemini exchanges have been impersonated in similar scams
• Coinbase has warned users they will never send recovery phrases to customers

Cryptocurrency users are facing a new wave of phishing attacks impersonating major exchanges like Coinbase and Gemini. The fraudulent emails pressure victims to transfer their digital assets into self-custodial wallets using recovery phrases provided by the scammers.

The phishing campaign began over the weekend with mass emails sent to Coinbase users. These messages falsely claim that due to a court mandate stemming from a class-action lawsuit, users must move their assets to self-managed wallets before April 1.

Is anyone else getting the fake @coinbase emails and texts? They’re getting increasingly sophisticated.

One is a fake verification text to get you to call a fake support number and the other is an email getting you to set up a real wallet they can drain.

Stay safe out there. pic.twitter.com/8SgjPQeUqk

— Steve (@SteveKBark) March 14, 2025

“Coinbase will operate as a registered broker, allowing the purchases, but all assets must move to Coinbase Wallet,” the deceptive emails state. This creates a false sense of urgency to trick recipients into taking immediate action.

The scam is cleverly designed to appear legitimate. Fraudsters instruct victims to download the actual Coinbase Wallet app, making the scheme seem more credible. However, they then provide pre-generated recovery phrases.

These recovery phrases are the critical element of the scam. When users set up a new wallet using these phrases, they unknowingly give scammers complete access to any funds transferred to that wallet.

Reminder: Beware of recovery phrase scams.

We're aware of new phishing emails going around pretending to be Coinbase and Coinbase Wallet.

We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else. pic.twitter.com/E9Us5jNS4C

— Coinbase Support (@CoinbaseSupport) March 14, 2025

The emails reference a lawsuit by the U.S. Securities and Exchange Commission (SEC) against Coinbase for allegedly selling unregistered securities. This claim is false. The SEC dismissed its lawsuit against Coinbase on February 27, 2025.

Similar phishing attempts have targeted Gemini exchange users. These emails use the same tactics, claiming users need to set up new wallets because of a recent court decision. The SEC also ended its legal action against Gemini on February 26.

Coinbase has publicly responded to the scam. In a post on X on March 14, the company warned:

“We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else.”

This latest attack comes during a period of increased phishing activity in the cryptocurrency space. According to blockchain security firm CertiK, phishing attacks cost crypto users $1 billion across 296 incidents in 2024, making them the most serious security threat.

Users who fall victim to these scams typically lose all their transferred funds immediately. The fraudsters gain instant access to any cryptocurrency sent to the compromised wallets and can drain them within seconds.

The phishing emails create a false sense of legitimacy by appearing to come from trusted exchanges. They often include official logos, similar formatting, and language that mimics real communications from these companies.

Security experts advise crypto users to always verify communications directly through official exchange websites or apps. Users should never use recovery phrases provided by anyone else, even if the source appears to be legitimate.

Fake Zoom Calls

This phishing campaign follows reports of other sophisticated scams targeting the crypto industry. At least three crypto founders recently reported foiling attempts from alleged North Korean hackers who used fake Zoom calls to try to steal sensitive data.

The California financial regulator has also issued warnings about seven new types of crypto and AI scams currently targeting consumers. These evolving threats show how scammers continue to develop new methods to target cryptocurrency holders.

Crypto exchanges recommend enabling two-factor authentication and using hardware wallets for added security. They also emphasize that legitimate companies will never ask users to share recovery phrases or private keys via email, chat, or phone.

Victims shared examples of the scam emails on social media platform X, helping to spread awareness about the threat. Community vigilance has played an important role in alerting others to the ongoing phishing campaign.

The SEC’s dismissal of cases against both Coinbase and Gemini in February makes the scammers’ claims particularly misleading. No court has mandated that users of these exchanges must move to self-custodial wallets.

The post Don’t Take the Bait: Coinbase & Gemini Exchange Users Targeted by Phishing Attack appeared first on Blockonomi.