A newly discovered Coinbase phishing operation poses a massive threat to numerous account owners. Reports revealed that the attack tries to trick victims into setting up a wallet with a pre-generated recovery phrase that the attacker controls.
The researchers stated that the phishing emails have the subject line “Migrate to Coinbase Wallet” and claim that all users must switch to self-custodial wallets. The email also includes directions for downloading the authentic Coinbase Wallet.
Coinbase began switching to self-custodial wallets on March 14th, which must have paved the way for threat actors to create a malicious operation to take advantage of the mandatory activity.
On the other hand, the platform will function as a regulated broker, allowing purchases, but all assets must be transferred to Coinbase Wallet.
The Coinbase phishing campaign carries an air of legitimacy that could trick unwary users.
The phishing email claims to be from Coinbase, but the reply address is noreply@akamai.com. It is also sent from the SendGrid IP address 167.89.33.244, which resolves via DNS to o1.soha.akamai.com.
The email appears to have been delivered directly through SendGrid, using what looks like Akamai’s account. Hence, it passes the SPF, DMARC, and DKIM email security checks, enabling the operation to bypass spam filters on many accounts. Those checks only validate the sending domain; they say nothing about whether that domain belongs to the brand named in the message.
While most cryptocurrency phishing schemes try to obtain recovery phrases, which the attacker then uses to steal your assets, this activity does the opposite. This phishing email is unique since the attacker gives the user a phrase it already knows and controls rather than stealing the user’s own.
Once a user creates a new wallet with that phrase and puts funds into it, the threat actor can access all the assets, which can then be transferred to an attacker-controlled wallet.
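A mail-triage check for the two traits described above, the authenticated-but-unrelated sender and the recovery phrase supplied in the message, is sketched below. It is an added example, not code from Coinbase or the researchers. The sample message, the `BRAND_DOMAINS` map, and the phrase heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the reported details; not a captured message.
# The twelve words are placeholders, not a real mnemonic.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=akamai.com;
 dkim=pass header.d=akamai.com;
 dmarc=pass header.from=akamai.com
From: Coinbase <noreply@akamai.com>
Subject: Migrate to Coinbase Wallet

Your recovery phrase is: alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima
"""

# Assumption: the defender maintains this brand -> legitimate sender domains map.
BRAND_DOMAINS = {"coinbase": {"coinbase.com"}}
# Heuristic: 12 to 24 consecutive lowercase words of 3-8 letters, the shape of a seed phrase.
PHRASE_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")

def belongs(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def authenticated_domains(msg):
    """Domains reported as passing DKIM or DMARC in Authentication-Results."""
    results = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    pattern = r"(?:dkim|dmarc)=pass\b[^;]*?header\.(?:d|from)=([\w.-]+)"
    return {d.lower() for d in re.findall(pattern, results)}

def triage(raw):
    """Return findings for a single-part plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    body = msg.get_payload()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not belongs(from_domain, allowed):
            findings.append(f"brand-mismatch:{brand}!={from_domain}")
            # Passing checks for some other domain is no evidence for the brand.
            if any(not belongs(d, allowed) for d in authenticated_domains(msg)):
                findings.append("auth-pass-for-unrelated-domain")
    if "recovery phrase" in body.lower() and PHRASE_RE.search(body):
        findings.append("recovery-phrase-supplied")
    return findings
```
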
Coinbase is aware of the fraud and posted on X that it will never distribute recovery phrases to consumers. Finally, the firm indicated that it is working to solve the problem and will continue to monitor and manage any associated risks.
They encourage users to remain vigilant with their digital wallets and presence to protect their personal information.
