Crypto Scam: Sophisticated Social Engineering Attack Targets Coinbase Users
Seasoned trader Jacob Canfield shared his story of almost being scammed by malefactors. The next day, an anonymous whitehat hacker approached him and gave him a few security tips, contacting the trader at an email address and phone number that he had never shared with the hacker.
Beware: All Coinbase users should change passwords and 2FA credentials
A series of social engineering attacks targets all users of Coinbase, the largest U.S. cryptocurrency exchange ecosystem. Malefactors contact traders and inform them that their password and 2FA settings have allegedly been changed. Professional trader and investor Jacob Canfield was among those reached by scammers.
Holy shit.
I just got attacked with one of the most complex scams in #crypto that I have seen to date.
Please read if you use @coinbase.
This just happened 15 minutes ago.
THIS IS A WARNING FOR ALL COINBASE USERS!
There has been some sort of a data breach.
First, I… pic.twitter.com/aOVWLpAtY4
— Jacob Canfield (@JacobCanfield) June 13, 2023
First, such information was sent via SMS, but then the scammers started calling Canfield from a San Francisco-registered phone number.
The trader stressed that he never used SMS as an instrument for 2FA. That is, the entire process of "verification" looked strange to him from the very beginning. However, he then received an email from a real Coinbase server that included his 2FA code from an active account.
He called this social engineering attack one of the most sophisticated of all time as it includes interaction with a legit Coinbase support unit.
As it stands, it looks like the email from Coinbase is legit and is automatically sent when you request a support ticket to verify your account.
The working theory is that the scammers were on live chat or on a phone call with the actual @coinbase support and they requested a code verification. This would have then granted them access to the account I believe.
Canfield added that he has information about 30+ users of Coinbase who were targeted by the same scam campaign.
Gemini 2022 data breach might be to blame, white hat hacker says
However, the spiciest thing is the fact that Canfield was contacted by a whitehat hacker who allegedly knows the design of the attack.
He reached the trader at a phone number and an email address that the trader had never shared. The whitehat hacker opined that the Coinbase attacker might be using dumps of personal data obtained in previous large-scale attacks:
It looks like my data was exploited in a Gemini 2022 data breach (never heard anything about that), MGM Resorts, Ledger (Newsletter) - never owned one, and about 20+ others.
Canfield is going to create his own guide to cyber security considering the experience of a failed hack attempt and a conversation with a hacker.