A sophisticated phishing campaign is targeting cryptocurrency investors with fraudulent emails claiming a mandatory Coinbase wallet migration requirement.
These deceptive messages, bearing the subject line “Migrate to Coinbase wallet,” are being distributed at a large scale, potentially bypassing spam filters due to their clever design.
The scam alleges that a court order has forced Coinbase to change its operations, requiring users to move their assets to self-custodial wallets.
.webp)
The fraudulent emails claim that “following a class action lawsuit alleging unregistered securities and unlicensed operations, the court has mandated that users manage their own wallets.”
They further assert that Coinbase will operate solely as a registered broker, necessitating the migration of all assets to Coinbase Wallet.
Bitdefender researchers detected that this attack employs an ingenious strategy different from typical phishing attempts.
Rather than trying to steal users’ existing recovery phrases, the scammers provide victims with their own predetermined seed phrases, such as “remember, mention, corn, sing, setup, smart, virus, dumb, clump, uphold, trap, cousin.”
The true intent becomes apparent when users follow instructions to download the legitimate Coinbase Wallet app and import these provided seed phrases.
By doing so, victims unknowingly create new wallets with credentials already known to the attackers, who can then steal any cryptocurrency transferred to these compromised wallets.
What makes this scam particularly deceptive is that all links within the emails direct to legitimate Coinbase.com addresses. However, examination of email headers reveals they originate from non-Coinbase domains such as akamai.com.
Protecting Your Cryptocurrency Assets
Coinbase has issued warnings through their support channels, emphasizing they never distribute recovery phrases via email and advising users to never utilize seed phrases provided by others.
If you’ve received such messages, delete them immediately to prevent potential cryptocurrency theft.
Users who may have already followed the instructions should create new wallets with secure, self-generated recovery phrases and transfer any remaining assets immediately.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
