Crypto phishing scams have become increasingly lucrative, with reports suggesting that scammers impersonating Coinbase support can earn five-figure sums weekly. Recently, a notable incident involved a phone call between Nick Neuman, CEO of a self-custody solutions provider, and a scammer posing as a Coinbase representative. During this interaction, the scammer revealed that their operations had generated as much as $35,000 in just two days, clearly indicating the financial incentive driving these illegal activities.
Neuman shared details of the conversation, highlighting how the scammer used manipulation tactics. The so-called support representative initiated the call and claimed that a request for a password change had been canceled, and also said that a notification was sent out containing a malicious link. This encounter unearthed insights about the demographic they target. The scammer mentioned that they focus on high-profile individuals such as CEOs, CFOs, and software engineers, generally avoiding those with lower financial backgrounds.
The scammer disclosed that they access detailed personal data from a database associated with a Bitcoin financial services company. By leveraging this information, they assumed that individuals interested in cryptocurrency likely held accounts with Coinbase. Additionally, they employ advanced methods, such as an “auto-doxxer” for obtaining further personal information, and can spoof emails to make them appear legitimate.
The ultimate objective of these scams is not to acquire login credentials directly but rather to manipulate victims into transferring cryptocurrency to wallets controlled by the scammers. To obscure their tracks, they utilize mixing services like Tornado Cash for laundering, which further complicates the tracing of stolen funds. Amid growing concerns about security breaches in the crypto space, the prevalence of these scams highlights a stark reality where individuals can lose significant amounts of money without recourse. In just the third quarter of 2024, losses from phishing attacks exceeded $127 million, underlining the urgent need for increased security awareness in the crypto sector.
