Coinbase will not call customers to warn them that their accounts may have been compromised. It is a common scam vector. However, someone tried it on me.
You read State of Crypto, a Coindesk newsletter looking at the intersection of the cryptocurrency and the government. Click here to register for future editions.
The story
Last weekend, an unknown California issue called me. A useful gentleman informed me that my Coinbase account had been compromised during his recent data violation and that he was there to help me not to lose my assets.
Oh no, horror!
Why it matters
Very well, so it’s obviously a scam. Just after hanging up with this supposed assistance agent, I sent a text to a spokesperson from Coinbase to verify that no exchange would be at any time call A customer to tell them that his account has been compromised. This is the scam 101 – If you receive a phone call informing you that your account has been compromised, whether in an crypto exchange, a bank, IRS, whatever, it is a scam. Do not share your personal information and provide no password if you receive a call like this.
There have been some faults in the attempt to make me pass, probably, to move my funds from my Coinbase account supposedly compromised to another address. But I hope this can be a useful teaching moment for nearly 70,000 people who have been affected by the recent disclosure of Coinbase violation, as well as any other person who receives a telephone call saying that their information has been compromised. Here’s how it went.
Decompose it
Let’s start at the start. On Saturday May 24, I received a call from a number that I did not recognize on my personal phone, not my public oriented work number. It’s a weekend, where I visited my family in another state, I did not picked up. Then, the same number recalled and I still haven’t taken up (yes I know, fascinating, but it’s 2025 and you can leave a voice message or a text).
Ten minutes later, I received a third call from another issue, which I picked up because at that time, I was curious.
A quick gentleman who called Riccardo told me that he was part of the Coinbase actions and protection service and that he had stretched out because my Coinbase account had been compromised and that a new email had just been added to my account.
I was quite confused, for reasons that I will enter below. But I was also intrigued because there were immediately four red flags. For the sake of simplicity, I will qualify as “the agent” from now on, but to be absolutely clear, I doubt that he is a real customer service agent, representative or other Coinbase employee, and he certainly did not contact me as an authorized representative of the exchange.
First of all, the phone call itself is a large red flag. Coinbase will never call a client about a violation, but will rather contact customers by email, he said in a tweet.
It is actually standard. The Federal Trade Commission website notes that there is a wide range of scams in which someone will call you, and many other companies have warnings that their employees will never call a customer on account problems.
The agent to whom I spoke said they would freeze my account for 24 hours to ensure that no fund could be stolen (thank you, I suppose?) And that a supervisor would contact me (I continue to wait for this supervisor to call). This supposed gel on my account can be extended to three months if there are several failed connection attempts.
To conclude the call, he said he would send me an email summarizing all the details we had discussed. Saturday evening, I received an email with the object line “Your case is being revised.”
The monitoring email that the very useful customer service representative sent was extremely instructive.
On the one hand, the email address they had associated with my account is a public address, but is not the email address attached to my real Coinbase account (in balance, I forgot this part until I try to find my connection information a few days later).
Gmail initially reported (correctly) this email in the form of a spam. I moved it to my reception box, where Gmail then showed me that the sender ([email protected]) was not the sender-E-mail arrived via learnindonesian.online. Even the info-coinbase.com part is summary-on the one hand, the Coinbase website is Coinbase.com, although it sends e-mails to [email protected], you do not expect a union in a field of assistance emails. On the other hand, the Info-Coinbase Domaine was created for the first time in November 2024 (according to ICANN research) and is not a real website.
Email headers were not useful either in terms of providing identification information, but they confirmed that the sender seemed to have tried to hide their information.
Curiously, the “Visit Coinbase” link seems to be linked to the real Coinbase website and there does not seem to be hidden on-board images or other files attached in the email. I don’t totally know what’s going on there. A real crook could have integrated a virus in a way into the email or even a monitoring pixel. Another common crooking tool could use is to put a phishing link instead of a legitimate email in an email, bringing the user to go to a website intended to steal his connection information (this is not legal, technical or any other type of advice; if you decide to try to rely someone using information that you gleaned from this newsletter, stop).
Although the crooks can sometimes know how much their planned victims have in a portfolio or an account, the person who called me did not seem to have this information (because I have no crypto in my Coinbase account).
I recalled the number on Friday to see what could happen. No one has resumed. I guess my account must be secured now.
- Stand with Crypto removes Soulja Boy from the Rally of the Governor of the NJ after discovering a fine sexual assault: Stand with Crypto announced that Soulja Boy and 070 Shake would make the front page “Get Out the Voting Rally” next week before the primary elections of the Governor of New Jersey. SWC removed Soulja Boy a day later after discovering that he was tried responsible for sexual accusations and assault and ordered $ 4 million last month, in a case resulting from 2021.
- The head of the dry working group says that crypto traders must be growing, not shouting in government: The SEC commissioner, Hester Peirce, told Las Vegas Bitcoin 2025 that it was to invest in speculative assets, especially if there is no federal regulator with close surveillance, but these investors cannot request a rescue when prices flow.
- The republicans of the American house officially introduce the bill on the structure of the cryptographic market: House republicans officially introduced the law on the clarity of the digital asset market, its bill on market structure, just weeks after the dissemination of a discussion project.
- The development of cryptography does not violate American law on securities, dry says: The last declaration of the SEC personnel examines stimulation and how the securities regulator could assess this part of the cryptography ecosystem.
- Sec files to reject the long -standing trial against Binance: The dry and the binance filed a joint stipulation to remove the regulator’s file against the binance.
- Suspects at Manhattan Crypto Kidnapping, Torture Case Plaid not guilty as the investigation widens: The news announced this weekend that cryptographic investor had been kidnapped and tortured for its Bitcoin keys. Two suspects accused of having perpetuated the kidnapping were arrested and unbeatable.
- Trump’s same dinner interviewed by the best democrat on the Chamber’s Judicial Committee: Jamie Raskin, the best democrat of the Chamber’s Judicial Committee, wrote a letter to US President Donald Trump calling on him to publish the names of his guests during last week’s same dinner.
Friday
- 3:00 p.m. UTC (11:00 am) A federal judge held a telephone hearing to assess the Roman Storm defense argument that the Ministry of Justice may have refused information. The judge ruled that, in his opinion, the Doj did not have to review his documents and had not retained the information which reached the level of procedure affecting.
- (The Washington Post) The White House has published a report “Make America Healthy Again” which quoted nonexistent studies and references – with revealing signs that AI may have been used to generate at least certain parts of the report.
- (The federal reserve) The Fed said that 8% of adults who responded to an investigation said they organized a cryptocurrency in the United States, against 12% four years ago.
If you have reflections or questions about what I should discuss next week or any other comment you want to share, do not hesitate to send me an e-mail at nik@PK Press Club.com or to find me on Bluesky @ nikhileshde.bsky.social.
You can also join the group conversation on Telegram.
See you next week!
