Recent reports indicate a surge in fraudulent emails mimicking communications from major cryptocurrency exchanges like Coinbase and Gemini. These deception tactics involve persuading users to establish new wallets using pre-generated recovery phrases that are controlled by scammers.
In multiple instances shared on social media, users received emails appearing to be from Coinbase, urging them to transition to self-custodial wallets and providing instructions to download the official Coinbase Wallet. The correspondence sets a deadline of April 1 for this transition, but it also includes recovery phrases generated by the scammers. Should a user create a new wallet with these phrases and subsequently transfer their funds, the scammers would gain full access and could drain the wallet entirely.
The emails reference a class-action lawsuit against Coinbase, suggesting that a court ruling has required users to manage their own wallets. They falsely claim that Coinbase will continue as a registered broker, but all user assets must be moved to the Coinbase Wallet. Notably, the U.S. Securities and Exchange Commission (SEC) had previously dismissed a lawsuit against Coinbase for operating as an unregistered broker.
In a similar vein, Gemini users have also been targeted by the same scam involving recovery phrase emails. This deception plays on a recent court ruling, with the email advising users to create new wallets for the same supposedly legal reasons. The SEC had been pursuing legal action against Gemini for allegedly offering unregistered securities through its earn program, but the regulator concluded this litigation in late February.
A recent report from blockchain security firm CertiK highlighted the alarming rise of phishing attacks within the cryptocurrency sector, which cost users around $1 billion over numerous incidents, marking it as a major security risk for the coming year. This uptick in scams coincides with reports from several cryptocurrency founders who have successfully thwarted attempts by suspected North Korean hackers to compromise sensitive information through misleading Zoom calls.