Crypto enthusiasts are on high alert as scammers, posing as Coinbase, have successfully swindled almost $2 million in a phishing scam that is believed to be linked to the 2022 CoinTracker security breach.
Loss of $1.7 Million from Ledger Wallet
Recently, Tegan Kline, the CEO of Edge & Node, revealed that a crypto investor fell prey to a phishing attack where scammers, masquerading as Coinbase security personnel, tricked the investor into revealing a portion of their seed phrase, resulting in the draining of their self-custody wallet.
The victim received a call from an individual claiming to be from Coinbase’s security team, followed by an email from a fake Coinbase address confirming the caller’s identity. The scam involved a fake delay in an alleged transaction, leading to the victim disclosing sensitive information.
Afterward, the criminal coerced the victim into providing part of their seed phrase, claiming it was necessary to secure the ledger wallet. This ultimately led to $1.7 million being siphoned from the victim’s wallet in cryptocurrencies like Bitcoin, Ethereum, GRT, MATIC, and DOT.
Link to CoinTracker Breach
There have been speculations within the community regarding how the scammer acquired certain details about the victim, with some suggesting insider involvement due to the specificity of the attack. However, CEO Alex Miller of Hiro proposed a connection to the 2022 CoinTracker data breach.
Miller shared that an attempt was made to access his Coinbase account using information obtained during the CoinTracker breach, indicating a possible correlation to the recent phishing scam. Scammers seem to have used Coinbase’s API key along with other data to validate their identity.
Users have been cautioned to secure their Coinbase accounts and rotate their API keys, especially if they have been using CoinTracker, to prevent falling victim to such scams.
