Thousands of Coinbase Users Hit by Phishing Attack -- Here's How to Protect Yourself

by Emma Newbery | Published on Oct. 6, 2021

Many or all of the products here are from our partners that pay us a commission. It’s how we make money. But our editorial integrity ensures our experts’ opinions aren’t influenced by compensation. Terms may apply to offers listed on this page.
A man looking upset while reading something on his phone.

Image source: Getty Images

Over 6,000 Coinbase customers lost money in the phishing attack.

Coinbase has shared details of a broad phishing attack that took place in April and May of this year. The popular cryptocurrency exchange said there had been "a significant uptick in Coinbase-branded phishing messages targeting users of a range of commonly used email service providers."

Phishing is where criminals impersonate legitimate organizations through fake email, text, or phone messages. They then trick customers into revealing sensitive information, such as passwords or account details.

According to Reuters, over 6,000 Coinbase customers lost money to the scammers. But these types of scams don't only happen in cryptocurrency. More widely, a report from security experts Tessian shows that 75% of organizations around the world experienced some kind of phishing attack in 2020 -- and 96% of those came by email.

How Coinbase phishers stole money

The scammers used several types of emails to pass themselves off as Coinbase customer service or security representatives. These included an email that pretended the user's account had been locked, and another with a fake URL that captured user login information when clicked. One message contained an app that then gave the criminals access to people's email accounts.

Once attackers had stolen Coinbase login details or accessed people's email accounts, they could then go on to steal their funds. Coinbase says it has taken steps to avoid future attacks of this kind and stressed that the fraudsters did not breach the platform's broader security measures.

How to protect yourself against phishing

The best way to protect yourself against phishing and other types of fraud is to be cautious about emails or text messages you receive, especially if you're not expecting them.

Our top crypto play isn't a token - Here’s why

We’ve found one company that’s positioned itself perfectly as a long-term picks-and-shovels solution for the broader crypto market — Bitcoin, Dogecoin, and all the others. In fact, you've probably used this company's technology in the past few days, even if you've never had an account or even heard of the company before. That's how prevalent it's become.

Sign up today for Stock Advisor and get access to our exclusive report where you can get the full scoop on this company and its upside as a long-term investment. Learn more and get started today with a special new member discount.

Get started

Here are a few techniques to keep your accounts safer:

  • Don't click on links in emails, even if they seem to come from a reputable source. Instead, bookmark URLs to sensitive sites -- whether it is your bank or your crypto exchange. That way you'll always know you're going to a real site and not a fake one designed to steal your data.
  • Look carefully at the content of your messages. Watch out for obvious typos or errors in the logo, and be suspicious of email addresses that don't seem quite right. A crypto platform will not contact you from a Gmail address.
  • Don't open attachments. If you receive an attachment from an unknown source, opening it could infect your computer with malware.
  • Use two-factor authentication (2FA). This extra layer of security adds an additional verification step, such as a code you receive by SMS or email. Many sites also use apps that generate authentication codes.
  • Use strong passwords. Whether it's for email accounts, online banking, or cryptocurrency apps, the number of passwords we have to juggle can feel overwhelming. But try to resist the temptation to use the same password for multiple accounts -- or to use easy-to-remember passwords like your date of birth or child's name. You can install a password manager on your computer or create your own system that helps you generate and remember them all.
  • Make sure your antivirus software is up to date. Criminals are constantly coming up with new ways to attack your computer and steal your information. That's why it's a good idea to regularly update your antivirus software and scan your computer.

If you do accidentally click a link or fall victim to a phishing scam, make sure you change all your passwords and report the fraud to both the organization involved and the Federal Trade Commission. Depending on the type of information that's stolen, you may also want to freeze your credit with the three major credit bureaus to prevent scammers from opening fraudulent accounts in your name.

Unfortunately, as our world becomes more digital, phishing and other forms of online fraud will increase. But the more cautious you are, the less likely you are to fall victim to them.

About the Author